Re: Avoiding the DNS Hunt



David MacQuigg wrote:

Hi Stuart, I appreciate the one positive suggestion in this entirediscussion.

<snip>

It might actually be useful if the "ID" command mentioned what
authentication protocols were supported for existing identities rather
that introducing yet another identity.

E.g.:

     EHLO  mailserver7.bigforwarder.com
     ID SPFv1,SenderID
     MAIL FROM:<bob(_at_)sales(_dot_)some-company(_dot_)com>

OK. This will work. It's not as useful as what I have proposed, butit's a step in the right direction, and I can support it.


Does everyone agree this would be useful?

Absolutely not, no matter what you call it, that is information from theconnecting MTA, which cannot be trusted.

If you wanted to stick that information on a DNS record or somethingthat one looks up for the domain the email is claiming to come from (orfor the connection HELO name if doing HELO checking), then fine. Butanything passed in with the email from the connecting MTA *CANNOT BETRUSTED*.


Am I missing something here???

If we could trust the connecting MTA, we wouldn't need SPF/CSV/whatever.

Terry

It has already been pointed out that SPF records could list addition
identity checks supported as a modifier (useful if you always check
SPF first).

A sender not using SPF will not have any SPF record, even one telling uswhat other identities to check.


--
Dave
************************************************************     *
* David MacQuigg, PhD     email: david_macquigg at yahoo.com     *  *
* IC Design Engineer            phone:  USA 520-721-4583      *  *  *
* Analog Design Methodologies                                 *  *  *
*                                 9320 East Mikelyn Lane       * * *
* VRS Consulting, P.C.            Tucson, Arizona 85710          *
************************************************************     *


-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Read the whitepaper!  http://spf.pobox.com/whitepaper.pdf

To unsubscribe, change your address, or temporarily deactivate yoursubscription, please go tohttp://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com


--
Terry Fielder
terry(_at_)greatgulfhomes(_dot_)com
Associate Director Software Development and Deployment
Great Gulf Homes / Ashton Woods Homes
Fax: (416) 441-9085

<Prev in Thread]	Current Thread	[Next in Thread>
Declaring an Identity, (continued) Declaring an Identity, David MacQuigg Re: Declaring an Identity, william(at)elan.net Re: Declaring an Identity, David MacQuigg Re: Declaring an Identity, Daniel Taylor Avoiding the DNS Hunt, David MacQuigg Re: Avoiding the DNS Hunt, Alex van den Bogaerdt Re: Avoiding the DNS Hunt, Terry Fielder Re: Avoiding the DNS Hunt, Daniel Taylor Re: Declaring an Identity, Stuart D. Gathman Avoiding the DNS Hunt, David MacQuigg Re: Avoiding the DNS Hunt, Terry Fielder <= Re: Avoiding the DNS Hunt, Stuart D. Gathman Re: Avoiding the DNS Hunt, Stuart D. Gathman Is the ID command hearsay ?, David MacQuigg Re: Is the ID command hearsay ?, Stuart D. Gathman Re: Is the ID command hearsay ?, David MacQuigg Can the ID command be trusted ?, David MacQuigg Re: Can the ID command be trusted ?, Frank Ellermann Alternative Neutral IDs, David MacQuigg Re: Alternative Neutral IDs, Frank Ellermann Re: Avoiding the DNS Hunt, Julian Mehnle