On Fri, 6 Apr 2007, Scott Kitterman wrote:
The identities associated with SPF (and even SID to a degree) and DK/DKIM can
be validated out of band (in DNS).
Submitter was just a hack to get you to go to DATA. Note that Submitter was
also the SID solution to the forwarding problem. How would a TENBOX identity
(regardless of if it's an AUTH parameter or an ESMTP keyword) be different?
Because it can be validated out of band via SPF by comparing the connect
IP to the SPF record for the alleged domain in AUTH=. Without AUTH=,
you have to consult a list of possible forwarders, validating each one
(or compiling to IP sets with TTL). AUTH= just saves time by telling
you which forwarder domain to validate. Note that you would *still*
check that the domain is in the list of authorized forwarders.
This of this application of AUTH= as providing the real MAIL FROM
to validate instead of the forged MAIL FROM. This is similar
to SRS, except that bounces go to the original sender instead of
the forwarder.
--
Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flammis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to http://v2.listbox.com/member/?list_id=735