spf-discuss

Re: Declaring an Identity

2005-05-20 05:54:45

David MacQuigg wrote:
At 06:10 PM 5/19/2005 -0700, william(at)elan.net wrote:

On Thu, 19 May 2005, David MacQuigg wrote:

Without the ID command, you will waste a bunch of DNS queries and
possibly conclude this sender offers no authentication.


He doesn't!!!!!
If sender wants to authenticate, he can just go ahead and use AUTH
command.
Authentication involves mutual pre-negotiated trust.


We're talking about a syntax that might be useful for SPF, CSV,
DomainKeys, etc.  None of these require pre-negotiation.  I hope this
isn't the start of a debate on the meaning of "authentication".

So, to get back on track, assume you are a well-equipped receiver, and
you have available any method that might be needed, including the three
I mentioned.  All you know about the incoming mail is its IP address and
the following two commands:

  EHLO  mailserver7.bigforwarder.com
  MAIL FROM:<bob-at-sales.some-company.com>

What do you do to avoid a DNS hunt?

I disagree with your statements below, but let's focus for now on this
first barrier.  If we can't get past this, the rest of the discussion
may be a waste.

For SPF the answer is ridiculously simple.
You query TXT for sales.some-company.com against the source IP.
If you want to check permission for HELO, you do the same for
mailserver7.bigforwarder.com.

Since bigforwarder.com is probably in trusted forwarders, you might
ignore a FAIL on MAIL FROM:, but definitely would not ignore a FAIL
on the EHLO.

What any other protocol does is beyond the scope.

-- 
Daniel Taylor          VP Operations            Vocal Laboratories, Inc.
dtaylor(_at_)vocalabs(_dot_)com   http://www.vocalabs.com/        
(952)941-6580x203

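The two-lookup check Daniel describes above, as an added example (not code from the original thread): constructed TXT records stand in for DNS, the evaluator handles only ip4/ip6 mechanisms and the `all` terminal, and the trusted-forwarder list is an assumption. The MAIL FROM address is written with a real `@` rather than the archive's `-at-` obfuscation.

```python
import ipaddress

# Constructed TXT records standing in for DNS answers (not real zones).
FAKE_TXT = {
    "sales.some-company.com": "v=spf1 ip4:203.0.113.0/24 -all",
    "mailserver7.bigforwarder.com": "v=spf1 ip4:198.51.100.7 -all",
}
TRUSTED_FORWARDERS = {"bigforwarder.com"}  # assumed local whitelist
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def evaluate_spf(domain, ip, txt=FAKE_TXT):
    """One 'TXT query' for domain, evaluated against the source ip.
    Supports only ip4:/ip6: mechanisms and the 'all' terminal."""
    record = txt.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:  # skip the "v=spf1" tag
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term == "all":
            return QUALIFIERS[qualifier]
        if term.startswith(("ip4:", "ip6:")):
            if addr in ipaddress.ip_network(term[4:], strict=False):
                return QUALIFIERS[qualifier]
        else:
            return "permerror"  # include/a/mx/etc. not implemented here
    return "neutral"

def is_trusted_forwarder(helo):
    return any(helo == d or helo.endswith("." + d) for d in TRUSTED_FORWARDERS)

def check_sender(ip, helo, mail_from):
    """At most two lookups: the HELO identity first, then the MAIL FROM domain."""
    mail_from_domain = mail_from.strip("<>").rsplit("@", 1)[-1]
    helo_result = evaluate_spf(helo, ip)
    if helo_result == "fail":
        # A FAIL on the EHLO name is never ignored, so stop here.
        return {"helo": helo_result, "mail_from": None, "action": "reject"}
    mf_result = evaluate_spf(mail_from_domain, ip)
    if mf_result == "fail" and is_trusted_forwarder(helo):
        action = "accept"  # trusted forwarder: MAIL FROM FAIL is expected
    elif mf_result == "fail":
        action = "reject"
    else:
        action = "accept"
    return {"helo": helo_result, "mail_from": mf_result, "action": action}
```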
