spf-discuss

Re: Declaring an Identity

2005-05-20 08:48:45
On Thu, 19 May 2005, David MacQuigg wrote:

OK, let's nail this down.  Here is the example incoming email, with the 
proposed ID command.  Assume you have no prior relationship with the 
sender, so you don't know what authentication method he uses.

    EHLO  mailserver7.bigforwarder.com
    ID  bigforwarder.com
    MAIL FROM:<bob@sales.some-company.com>

The ID command offers zero information.  It gives us yet another name,
as if we didn't have enough already.  So now, in addition to
HELO, MAIL FROM, Header From, PRA, etc. identities, we now have the ID identity.

There are currently zero, zip, nada, protocols even proposed for 
authenticating the new ID identity.  Worse, no MTAs currently have
an "ID" identity.  Only RFC compliant MTAs (a rare breed) have
a HELO identity (most MTAs put invalid garbage there).  Spam email often lacks
a "Header From" identity (by not including a From header).  The PRA identity
is defined in such a way that every email has one, but you need a patent
license to use it.  However, every single email from every MTA on the
planet has a MAIL FROM identity, and no one has patented using MAIL FROM
as an identity (yet).  And you don't need to read the entire message before
checking the MAIL FROM id.  That is why MAIL FROM protocols like SPF and SES
are the obvious basic identity check before messing with anything else.

It might actually be useful if the "ID" command mentioned what 
authentication protocols were supported for existing identities rather
than introducing yet another identity.

E.g.:

     EHLO  mailserver7.bigforwarder.com
     ID SPFv1,SenderID
     MAIL FROM:<bob@sales.some-company.com>

It has already been pointed out that SPF records could list additional
identity checks supported as a modifier (useful if you always check
SPF first).

-- 
              Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
    Business Management Systems Inc.  Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.

