--wayne <wayne(_at_)midwestcs(_dot_)com> wrote:
In <3255811(_dot_)1096068892(_at_)[192(_dot_)168(_dot_)0(_dot_)2]> Greg Connor
<gconnor(_at_)nekodojo(_dot_)org>
writes:
I think the idea to tie it and PRA together came soon after, because
we were making an effort to work with MS at the time.
No, RFROM/FRED/SUBMITTER was always tied to the PRA.
But I also
think the Submitter is distinct from the PRA in an important way: the
Submitter is a new, declared parameter, while the PRA is a heuristic
guess picked from other identities, based on how we think current mail
headers work in practice.
No, the PRA is *not* heuristic, it is supposed to be quite
deterministic so that all systems when given the same email will come
up with the same PRA. If the PRA doesn't match the SUBMITTER value,
you are supposed to reject the email.
Sorry, I communicated poorly. If we were to check something other than the
PRA, and it's in 2822 headers but not in the 2821 conversation, Submitter
could be used for that too. We could tie it to X-Forwarded-For: or just
call the new header Submitter: or something.
The word heuristic is probably the wrong word for what I meant. What I
meant was that PRA is a formula that uses existing headers and depends on
people using them just like they have been used before. Taking over
Submitter for non-PRA purposes would mean that we could *set* the new
headers and suggest new best practice, rather than depending on how people
have used things in the past. A new Submitter: header would allow
forwarders something they can do besides SRS. It would be similar to
whitelisting known forwarders based on their HELO I guess, but it gives us
one additional tool in the toolbox. Forwarders come in different flavors
and some will like SRS, some will expect people to whitelist based on HELO
or PTR, but I think if Submitter becomes available they would use that too.
Anyway. I don't feel strongly about it so I don't want to make a big deal
about it. Bug me on irc some time and I'll try to explain in more detail
what I think on the subject. But it's certainly not as important as
getting SPF published as experimental and getting started on a new
experimental RR.
--
Greg Connor <gconnor(_at_)nekodojo(_dot_)org>