
[spf-discuss] TENBOX/E as an AUTH type

2007-03-31 15:18:56
I thought of one way we could get the effect of a TENBOX/E ESMTP extension
with less RFC-lawyering.

(For those joining the list since the last discussions of TENBOX:
"TENBOX" is a name coined by Julian Mehnle to refer to some kind of
automatic system to make whitelisting of forwarders easy, solving the SPF
"forwarding problem".  TENBOX is presently just a stack of desired
features with no concrete design yet.

I've suggested that the best way to move towards a solution to the TENBOX
spec is to split it into two protocols, TENBOX/E which allows forwarded
mail to be associated with a nonvarying token that can be looked up in a
recipient's whitelist, and TENBOX/O which helps nontechnical users manage
a whitelist of such tokens.)

RFC 2554, the AUTH extension for ESMTP, provides a little-used feature of
an extra "AUTH=" parameter added to the MAIL FROM: command.  This feature
was intended so that an SMTP client could authenticate *itself* to another,
yet indicate that a given mail's origins were either not authenticated or
authenticated to be from somebody else.

It bends the text a little, but I was thinking we might be able to
register TENBOX as a special pseudo-SASL authentication type.  This
authentication type would never refuse the initial "AUTH" command, but
would instead perform an SPF-like validation process on AUTH arguments to
MAIL FROM:.  If this process approves the argument (for the given sender
IP), then that argument is used in place of the envelope sender for
whitelist-checking purposes.

The point of doing this (rather than pursuing a separate ESMTP extension)
is that there seems to be much less red tape involved in registering an
AUTH keyword than there is in allocating an EHLO keyword.

This does mean that TENBOX/E can't be used at the same time as another
authentication method, but that shouldn't be a problem since most
presently authenticated connections are already exempt from SPF.

---- Michael Deutschmann <michael(_at_)talamasca(_dot_)ocis(_dot_)net>
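
The receiver-side decision described in the message above, as an added example that is not part of the original post and not a TENBOX design (none exists yet). The policy table, the whitelist and all function names are hypothetical; the table stands in for the "SPF-like validation", which a real design would presumably publish in DNS.

```python
import ipaddress
import re

# Constructed stand-in for the SPF-like check: token domain -> networks
# permitted to present tokens in that domain (assumption, not a real format).
FORWARDER_POLICY = {
    "forwarder.example": [ipaddress.ip_network("192.0.2.0/24")],
}
# Constructed recipient whitelist of nonvarying tokens.
WHITELIST = {"alice@forwarder.example"}

MAIL_RE = re.compile(r"^MAIL FROM:\s*<([^>]*)>(.*)$", re.IGNORECASE)


def xtext_decode(value):
    """Decode RFC 2554 xtext, where '+HH' is one hex-encoded octet."""
    return re.sub(r"\+([0-9A-F]{2})", lambda m: chr(int(m.group(1), 16)), value)


def parse_mail_from(line):
    """Return (envelope_sender, auth_token); token is None if absent or '<>'."""
    m = MAIL_RE.match(line.strip())
    if not m:
        raise ValueError("not a MAIL FROM command")
    sender, auth = m.group(1), None
    for param in m.group(2).split():
        key, _, value = param.partition("=")
        if key.upper() == "AUTH" and value != "<>":
            auth = xtext_decode(value)
    return sender, auth


def token_approved(token, client_ip):
    """Approve the AUTH= argument only for IPs listed for the token's domain."""
    domain = token.rpartition("@")[2].lower()
    ip = ipaddress.ip_address(client_ip)
    return any(ip in net for net in FORWARDER_POLICY.get(domain, []))


def whitelist_key(line, client_ip):
    """Use an approved AUTH= token in place of the envelope sender."""
    sender, auth = parse_mail_from(line)
    if auth and token_approved(auth, client_ip):
        return auth
    return sender  # unapproved or missing token: fall back to envelope sender


def is_whitelisted(line, client_ip):
    return whitelist_key(line, client_ip).lower() in WHITELIST
```

An unapproved token is ignored rather than rejected, so the message falls through to ordinary handling of the envelope sender.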
