I just had an idea for a simple shared MTA policy mechanism.
Suppose an SMTP service has domain 'service.com' and a client
logs in to SMTP AUTH as 'curly' and gives a MAIL FROM of
'moe(_at_)example(_dot_)com'.
The service then looks for a DNS A record at:
moe._using_.paul._at_.service.com._smtpauth_.example.com
If the result is NXDOMAIN, the email is rejected with 550.
Otherwise, the mail is accepted (subject to other restrictions)
and relayed.
This allows domain owners to explicitly authorize relay of their
domain through designated SMTP services, so that said SMTP service
can be safely included in an SPF record as a PASS.
--
Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.