spf-discuss

Re: What does PASS really mean?

2004-06-29 17:25:21

On Tuesday 29 June 2004 11:35 am, Chris Haynes wrote:
> 2) Did the MTA verify that the mail was submitted to it by someone
> authorised to send on behalf of that domain?
>
> I suggest we should introduce a new assertion by the MTA that it did
> indeed validate the origin. Put this in a new RFC 822 header or as an
> extension to some existing header.
>
> It is now for the client to look at the two pieces of information and
> make a decision about the authenticity of the message.
>
> This means that the roll-out of SPF and of SASL are not mutually
> dependent.
>
> I would recommend giving the second item of information its own RFC and
> name / abbreviation, rather than treating it as "the MTA ought to
> implement SASL as well" as part of the SPF RFC.
>
> In some situations, it would be a useful additional feature in its own
> right, independent of its use alongside SPF.


This is something that can be rolled into the sender's reputation. Maybe it 
should count against the sender if they use a relay service that doesn't do 
proper SASL checks.

Rather than have a separate or additional protocol to assert this, we can 
just score the sender on how well they actually do on controlling what they 
are sending and allowing to be sent in their name. They may be able to 
properly handle it all without SASL.

So in the case above, by doing nothing, we leave it in the hands of the 
domain owners to ensure that the relay servers are adequately defended and 
authenticated. If they can't trust the relay servers, they shouldn't use 
them. If they don't check, or if they use it despite these problems, and 
someone abuses it, then their reputation will suffer.

-- 
Jonathan M. Gardner
Mass Mail Systems Developer, Amazon.com
jonagard(_at_)amazon(_dot_)com