spf-discuss

RE: I hate to interrupt all this for something practical, but.... we need a concise, easy-to-follow set of SPF instructions in file format - anyone able to help?

2004-11-01 20:46:54
-----Original Message-----
From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com] On Behalf Of Graham Murray
Sent: Monday, November 01, 2004 2:10 AM
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: Re: [spf-discuss] I hate to interrupt all this for something
practical, but.... we need a concise, easy-to-follow set of SPF
instructions in file format - anyone able to help?


Scott Kitterman <spf2(_at_)kitterman(_dot_)com> writes:

How are MTA service providers supposed to validate the authority of their
customers to use mail identities foreign to their service?  I don't believe
that there is a good proposal on the table for this.  Does anyone know of
one?

Maybe something similar to SPF could be used for this. The shared MTA
will be receiving the email via SMTP from an MUA, MSA or (the
customer's) MTA. So could the domain owner not publish a record
showing the SMTP AUTH identities authorised to use that domain?

I think it's a different type of issue because there is an ongoing
contractual relationship between the MTA provider and the customer being
given SMTP AUTH access.  The customer must be authorized by the domain
owner.  So throughout, there is a direct knowing relationship.  The trick is
to establish guidelines for how MTA providers should authenticate the
relationship between their customer and the domain owner.  Since these types
of relationships tend to be reasonably static, something like SMTP AUTH
records in DNS would really be overkill I think.

I was thinking more along the lines of business rules, e.g....

The MTA provider should authorize use of mail identities if:

1.  The MTA customer also manages the domain registration and DNS records
through the MTA provider (it's all internal to the company providing all
these services).

2.  MTA customer is authorized by the domain owner based on e-mail from the
address listed in the domain registration and the e-mail is authenticated
via SPF, S/MIME or PGP signature, etc.

3.  MTA customer is billed at the same address as the registrant and the
domain owner provides written, signed authorization.

Something like that.  Some of these business rules are more easily automated
than others.  If we can come up with a good set of rules that can be easily
automated, that should smooth the path for MTA operators trying to figure
out how to solve this particular (non-SPF, but related) problem.

Scott Kitterman

