spf-discuss

Re: Shared MTA policy implementation idea

2005-05-16 13:12:32
On Mon, 16 May 2005, wayne wrote:

> In <Pine(_dot_)LNX(_dot_)4(_dot_)44(_dot_)0505161455300(_dot_)7770-100000(_at_)bmsred(_dot_)bmsi(_dot_)com> "Stuart D. Gathman" <stuart(_at_)bmsi(_dot_)com> writes:
>
>> I just had an idea for a simple shared MTA policy mechanism.
>> Suppose an SMTP service has domain 'service.com' and a client
>> logs in to SMTP AUTH as 'curly' and gives a MAIL FROM of
>> 'moe(_at_)example(_dot_)com'.
>> The service then looks for a DNS A record at:
>>
>>     moe._using_.paul._at_.service.com._smtpauth_.example.com

> MTAs that allow people to send out email with a MAIL FROM other than
> their own should do egress SPF checks.  That is, it should check to
> see if the MTA is allowed to send email using that domain.

You missed the point completely.  SPF is guaranteed to fail, because the
submitter is using a laptop in the field from a random ISP.  That
is why he is using SMTP AUTH!

The point of the protocol is so that a company offering commercial
SMTP AUTH service can prevent cross-customer forgery without maintaining
an authorization database.

> If MTAs do that, then the above check can already be done with an
> exists: check.

It could, *IF* there was an SPF macro for SMTP AUTH login name.  Since
there isn't, no, it can't.

-- 
              Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
    Business Management Systems Inc.  Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
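
The lookup proposed in this message, sketched as an added example (not code from the post or from any SPF implementation). It assumes the name layout is local part, `_using_`, AUTH login, `_at_`, service domain, `_smtpauth_`, sender domain; the function names and the sample zone are hypothetical, and the resolver is passed in so the check runs offline.

```python
import re

# Assumed reading of the name in the message (this layout is the example's assumption):
#   <local part>._using_.<auth login>._at_.<service domain>._smtpauth_.<sender domain>
LABEL = re.compile(r"[a-z0-9_-]{1,63}")
MARKERS = {"_using_", "_at_", "_smtpauth_"}

def _labels(value, what, dotted):
    """Split a field into DNS labels, refusing anything that could shift the markers."""
    parts = value.lower().split(".") if dotted else [value.lower()]
    for part in parts:
        if not LABEL.fullmatch(part) or part in MARKERS:
            raise ValueError(f"{what} {value!r} cannot be encoded safely")
    return parts

def build_query_name(auth_login, service_domain, mail_from):
    local, at, domain = mail_from.rpartition("@")
    if not (at and local and domain):
        raise ValueError(f"malformed MAIL FROM {mail_from!r}")
    # Login and local part must be single labels, so a dot in either is rejected.
    labels = (_labels(local, "local part", False) + ["_using_"]
              + _labels(auth_login, "login", False) + ["_at_"]
              + _labels(service_domain, "service domain", True) + ["_smtpauth_"]
              + _labels(domain, "sender domain", True))
    name = ".".join(labels)
    if len(name) > 253:
        raise ValueError("query name exceeds DNS length limit")
    return name

def sender_authorized(auth_login, service_domain, mail_from, lookup_a):
    """Fail closed: unencodable input or no A record means not authorized."""
    try:
        name = build_query_name(auth_login, service_domain, mail_from)
    except ValueError:
        return False
    return bool(lookup_a(name))

# Constructed sample zone standing in for records published under example.com.
CONSTRUCTED_ZONE = {
    "moe._using_.curly._at_.service.com._smtpauth_.example.com": ["127.0.0.2"],
}

def constructed_lookup(name):
    return CONSTRUCTED_ZONE.get(name, [])

if __name__ == "__main__":
    for login in ("curly", "larry"):
        print(login, sender_authorized(login, "service.com", "moe@example.com", constructed_lookup))
```

Rejecting dots and marker labels inside the login and local part keeps one customer from crafting input that resolves to another customer's authorization record; the cost is that dotted local parts are refused in this sketch.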