On 18 Jan 2004 at 11:36, wayne wrote:
In <400A3DF2(_dot_)24050(_dot_)A479CC12(_at_)localhost> "John Warren"
<John(_at_)wenet(_dot_)tustin(_dot_)ca(_dot_)us> writes:
Let's stop and take a deep breath.
Ok, now that we've done that I'm going to restate my idea since my
original one was on the right track but had some flaws and my adjusted
one seems not to have gotten across.
Good idea.
The idea of using SRS is going to require changes to MTAs which would
also be the case with what I'm proposing but I think my changes follow
the RFCs better than SRS.
That is a valid idea to consider.
Problem.
Being able to prove that mail is being sent from a valid mail host
and/or user.
Solutions:
SPF and IMX plus others. IMX does take care of where mail comes from
and SPF does protect the domain owner. Both can and should work
together.
Note: SPF does everything that IMX does. While they may be able to
work together, using both is redundant.
Not the way I thought I understood it. If your inbound mail server
also does all of your outbound mail you don't need an IMX but if you run
a split system then you need an IMX for your outbound servers.
It does some of the things that SPF does but not all.
It's kinda like a square is a rectangle but a rectangle is not a
square.
SPF, IMX, RMX, DMP, DRIP, etc. are all designated sender systems.
They don't say whether an IP address is a valid mail host. Rather,
they say whether a given domain owner has authorized a given IP
address as being authorized to send email using their domain name.
All of these designated sender systems allow you to say that 224.1.2.3
is a valid IP address, but since 224.1.2.3 is a multicast IP address,
it can't possibly be a valid mail host.
MTAMark, on the other hand, can be used to mark valid MTA hosts.
Problem:
Being able to send mail using your legal e-mail address from a domain
other than the one in your e-mail address. This has very basic and
valid business reasons and needs to not be blocked.
[...]
Solution:
The Sending MTA/MSA must make sure that the "MAIL FROM" in the SMTP
envelope MUST always contain the valid local authenticated e-mail
address of the sender no matter what the sender puts in the
"FROM" or "REPLY-TO" fields in the message header. Both RFC 2476 and
2821 should be updated to require this since it's currently ambiguous.
The Sending MTA Should replace or add, as required, a "SENDER" field to
the message header, as stated in RFC 2476, that matched the "MAIL
FROM" used in the SMTP envelope.
I think that RFC 2476 should be changed to make this a MUST rather than
SHOULD requirement.
Getting an RFC through IETF that would change RFC2476 and RFC2821 is
going to be *real* hard. Getting actual MTAs in the field to comply
with those changes will take decades.
I would think that SRS would be even harder. RFC 2476 basically states
what I'm thinking about for the "Sender" field but only for initial
sending of a message and not for forwarding. The "MAIL FROM" only
states an e-mail address and does not state if that address should be
the authenticated one or the one given in the "From" field.
Note that RFC2821 is still a *proposed standard*, it still needs to
get through the *draft standard* stage before it can supersede RFC821
as an *internet standard*. RFC2821 was written in Apr 2001, close to
three years ago. It will be lucky to make it through the final two
stages this year.
But I think that most e-mail servers are being written to 2821 even
though it is not final.
Win, Win, Win so what am I missing?
I want something done within my lifetime. Your proposed changes to
RFCs will not be reflected in the real world for a *very* long time.
It's really how you read the RFC. There is nothing I read in the RFC
that states what e-mail address should be in the "MAIL FROM" so one
could just start using the authenticated one. In the case of "Sender"
it is stated for some function but not all.
-wayne
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.4.txt
To unsubscribe, change your address, or temporarily deactivate your
subscription, please go to
http://v2.listbox.com/member/?listname(_at_)
----------------------------------------------------------------------
John Warren
+--------------------------------------------------------------------+
| Any and all use of my email address for bulk email without my |
| expressed permission is prohibited. This means NO JUNK EMAIL, SPAM.|
| Support the anti-Spam amendment, Join at http://www.cauce.org/ |
+--------------------------------------------------------------------+
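
Added example, not part of the original thread: a Python sketch of the distinction drawn above between a domain owner designating an IP address as a sender and that address being a plausible mail host. The record string and client addresses are constructed, and only the ip4:/ip6: and "all" terms are evaluated (mechanisms that need DNS lookups are skipped, which is an assumption of this sketch).

```python
import ipaddress

# Qualifier-to-result mapping used by SPF-style designated sender records.
RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def parse_ip_mechanisms(record):
    """Return ([(qualifier, network)], default) for ip4:/ip6: terms and 'all'."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    nets, default = [], "?"          # no 'all' term means a neutral default
    for term in terms[1:]:
        qual = term[0] if term[0] in "+-~?" else "+"
        body = term.lstrip("+-~?").lower()
        if body.startswith(("ip4:", "ip6:")):
            nets.append((qual, ipaddress.ip_network(body[4:], strict=False)))
        elif body == "all":
            default = qual           # 'all' always matches; later terms are ignored
            break
    return nets, default

def designated(record, client_ip):
    """What the domain owner says about client_ip (left-to-right, first match)."""
    ip = ipaddress.ip_address(client_ip)
    nets, default = parse_ip_mechanisms(record)
    for qual, net in nets:
        if ip.version == net.version and ip in net:
            return RESULT[qual]
    return RESULT[default]

def plausible_mail_host(client_ip):
    """Independent sanity check: can this address be a unicast SMTP peer at all?"""
    ip = ipaddress.ip_address(client_ip)
    return not (ip.is_multicast or ip.is_unspecified or ip.is_loopback
                or ip.is_link_local or ip.is_reserved)

def evaluate(record, client_ip):
    """Return (designated-sender result, plausible-host flag) as separate answers."""
    return designated(record, client_ip), plausible_mail_host(client_ip)

# Constructed record: one documentation range plus the multicast address from the thread.
RECORD = "v=spf1 ip4:192.0.2.0/24 ip4:224.1.2.3 -all"

if __name__ == "__main__":
    for addr in ("192.0.2.10", "224.1.2.3", "198.51.100.7"):
        print(addr, evaluate(RECORD, addr))
```

The record happily yields "pass" for 224.1.2.3; only the separate host check rejects it, which is why a receiver that wants both answers has to ask both questions.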