spf-discuss

RE: SPFv1 is already extensible

2004-05-31 17:11:24
From: Stuart D. Gathman
Sent: Monday, May 31, 2004 5:54 PM



<...>

None of these has anything to do with getting a pass/fail/neutral/error/...
result for SPF.  None of them can be evaluated before data.

Any extensions not related to authenticating MAIL FROM and RCPT TO should go
into a separate DNS namespace rooted in '_ep'.

In fact, maybe that is the best compromise.  SPF stays the way it is
and is dedicated to 'before DATA' authentication.  CID/XML stay the
way they are and are dedicated to 'after DATA' authentication, with
XML being well suited to extensions for domainkeys, etc.

This is reasonable, but extracting PRA and making sure that it matches RFROM
(or the leftmost source route, if that ever comes to pass) is a very useful
thing and does not require any changes to the language.  Why _not_ do
something to make sure that the 2822 stuff is OK, as long as it doesn't
require additional extensions?

While we're at it, how about requiring that MAIL FROM:, or the address part
of an SES signature it contains, match either From: or Sender:?  This
doesn't stop you from setting Reply-To: to some other address, but why do we
still need the return-path to be an address not in From: or Sender:?  In a
way, this seems like the dual of requiring PRA to match RFROM.  I could be
missing something really obvious here, and if so, please clue me in but hold
the clue bat.

--

Seth Goodman
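
Added example, not part of the original message or of any SPF or Caller-ID draft: a receiver-side sketch of the two "after DATA" checks proposed above, MAIL FROM against From:/Sender: and PRA against RFROM. Assumptions: the function names and sample messages are constructed here, the PRA header order is a simplified one the thread does not define, RFROM is taken as a plain address string supplied by the SMTP client, and SES-signed return-paths are not decoded.

```python
from email import message_from_string
from email.utils import getaddresses

def norm(addr):
    """Normalise an address: strip <>, lower-case the domain only."""
    local, _, domain = addr.strip().strip("<>").rpartition("@")
    return f"{local}@{domain.lower()}" if local else ""

def header_addrs(msg, name):
    """Set of normalised mailboxes from every occurrence of one header."""
    return {norm(a) for _, a in getaddresses(msg.get_all(name, [])) if "@" in a}

def mail_from_aligned(mail_from, msg):
    """True/False if MAIL FROM is (not) in From: or Sender:; None for "<>"."""
    env = norm(mail_from)
    if not env:                      # null reverse-path (bounces): nothing to compare
        return None
    return env in header_addrs(msg, "From") | header_addrs(msg, "Sender")

def pra(msg):
    """Simplified PRA (assumed order): first of these headers that is present."""
    for name in ("Resent-Sender", "Resent-From", "Sender", "From"):
        addrs = header_addrs(msg, name)
        if addrs:
            return next(iter(addrs)) if len(addrs) == 1 else None  # ambiguous
    return None

def pra_matches_rfrom(rfrom, msg):
    """RFROM is taken here as an address string supplied by the SMTP client."""
    found = pra(msg)
    return found is not None and found == norm(rfrom)

# Constructed sample messages (not from the thread).
LIST_MSG = message_from_string(
    "From: Alice <alice@example.org>\n"
    "Sender: list-bounces@Lists.Example.NET\n"
    "Subject: test\n\nbody\n")
DIRECT_MSG = message_from_string(
    "From: Alice <alice@example.org>\nSubject: test\n\nbody\n")

if __name__ == "__main__":
    for env, m in [("<list-bounces@lists.example.net>", LIST_MSG),
                   ("<bounce@bulk.example.com>", DIRECT_MSG),
                   ("<>", DIRECT_MSG)]:
        print(env, mail_from_aligned(env, m), pra(m))
```

The list message passes because Sender: carries the return-path, while the second case shows what the proposed rule would reject: a return-path that appears in neither From: nor Sender:.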

