spf-discuss
[Top] [All Lists]

Re: moving on from MARID

2004-09-25 18:06:22
In <20040925145844(_dot_)GL21013(_at_)dumbo(_dot_)pobox(_dot_)com> Meng Weng 
Wong <mengwong(_at_)dumbo(_dot_)pobox(_dot_)com> writes:

On Fri, Sep 24, 2004 at 11:34:52PM -0700, Greg Connor wrote:
| 
| Actually I was going to say just the opposite.  Submitter was originally 
| Meng's idea (if I remember right) and was described as "the entity 
| responsible for the most recent injection of this message into the mail 
| stream".

To set the record straight, SUBMITTER was actually MS's
idea.  They unveiled it to me in May at the D.C. MAAWG
meeting where we agreed on the Sender ID compromise.

No, actually, it RFROM/FRED/SUBMITTER was *not* MS's idea, or at least
not according to a couple of posts on MARID.  Someone suggested it to
them, I forget who, but you can find the post on the MARID archive.
IIRC, it was posted around 3-4 weeks ago.

RFROM/FRED/SUBMITTER isn't even a very new or unique idea, we had
discussed trying to leverage similar ESMTP extensions such as ENVID in
the past.


However, using it as a standalone entity as Greg suggests is
an intriguing possibility which I would like to continue to
explore.

I can't see any value in using SUBMITTER standalone.  It would be an
identity that is created out of thin air.  It would never be seen
anywhere and couldn't be checked.  There is no advantage for a sender
to create an identity with SUBMITTER instead of just using the HELO
domain.

That is, unless, you really want to slip in the use of the badly
licensed PRA.


But because spammers will omit SUBMITTER, it seems important
to preserve MAIL-FROM protection even in a SUBMITTER-enabled
world.

Why would spammers omit SUBMITTER if it isn't checked against the PRA?
I would think that if we created a SUBMITTER identity without tieing
it to anything, spammers would flock to it.

Yeah, yeah, I can hear it now, "SUBMITTER would be checked against
accreditation services", but as long as some people are tieing
SUBMITTER to the PRA, no one is going to reject email due to the lack
of accreditation.



-wayne


<Prev in Thread] Current Thread [Next in Thread>