On Thu, 12 May 2005, Julian Mehnle wrote:
> I think Scott's text suggestion would be appropriate for section 9.4, but I
> also think that in order to complete the envelope sender forgery
> protection already provided by SPF, significant further steps are
> necessary, and that prevention of cross-user forgery is one of the most
> important. So perhaps a sub-section should be added in the Security
> Considerations section, and section 9.4 should just point to that?

This would be helpful. My attempts to explain the need for cross-user
forgery prevention to commercial SMTP AUTH providers have failed.
As a result, they are no help in getting a reliable PASS instead of neutral.
I would really like to have an SMTP company I could direct domains with
no static IP to for proper authentication.
--
Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.