spf-discuss

Re: Request for Input on the meaning of "pass".

2005-06-02 16:46:31
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mark wrote:
> The record, for sure, would be 'authentic'; the object of that record,
> however, would not be; which is to say, "op=MTA is trusted to handle
> only my domain" may be an authentic record, but the domain owner cannot
> speak for the MTA in that fashion.

Yes, it can.  Just like the domain owner can speak for all MTAs in the 
world by saying "v=spf1 +all", which is a valid policy, isn't it?

If the domain owner wants to express trust in the MTA, why can't he do 
that?  And why should a receiver not believe in what the domain owner 
said?  After all, it is beyond the domain owner's power to diminish the 
reputation of any domain except his own.  If he wishes to diminish his
own reputation, who are you to say he can't do that?  He could just as 
well say "v=spf1 +all".

> Only the MTA itself could provide such a mechanism.

No, because the MTA may have an interest in making false assertions about 
its own security.  You can't trust the sender, only the owner of that 
property which is being protected (the domain owner).
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFCn5pYwL7PKlBZWjsRAruuAJ96ok82iIbchTgUyzDymsRjRA6i7QCgtsEc
xOZQNaQmqyhKBdaSo3DRIJM=
=19Pt
-----END PGP SIGNATURE-----