On Sat, 27 Jan 2007, Julian Mehnle wrote:
That's essentially what the lame "TENBOX" catchphrase is about. (Can we
find another term? In any case I think we do need one.)
That reminds me -- you never responded to my suggestion that the TENBOX
requirements should be split into two. There should be a TENBOX
Authentication protocol that forwarders to mark their forwards with a
forgery-proof token the recipient can whitelist, and a TENBOX
Authorization protocol that allows a forwarder to request whitelisting
from the recipient MTA with no more enduser involvement than subscribing
to a mailing list.
If you want new acronyms, how about:
FAR - Forwarding Agent Recognition
for the authentication protocol, and
FAME - Forwarder Authorization Made Easy
for the authorization end.
One other idea that has been buried in RFCs 821 and 2821 largely unnoticed
is the HTTP-redirection-like "551 User not local; please try
<joe(_at_)example(_dot_)
org>"-style "forwarding" (Frank mentioned it before). I think this would
be _the_ solution if only more MTAs supported it. If we want to work on
Problem is that most uses of forwarding are accounted by:
* People who want to send and recieve mail under a pseudonym.
* People who don't expect much of the spam defenses at their real address,
so they use a forwarding service with better defences as their only
world-visible address.
* People who are using mail aliases as canary traps to detect misuse of
e-mails collected by businesses.
In all these cases, disclosure of the direct address to all and sundry,
which is what 551 implies, would defeat the whole purpose of the forwarding.
---- Michael Deutschmann <michael(_at_)talamasca(_dot_)ocis(_dot_)net>
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to http://v2.listbox.com/member/?list_id=735