On Sun, 6 Mar 2011, Michael Deutschmann wrote:
> Another approach is a flag to require a TLS certificate. This has the
> advantage over DKIM of allowing forged connections to be rejected at
> RCPT or earlier -- DKIM must go to DATA to be inspected. But it would
> only help with NAT/PAT sharing, not with actual smarthosts.
I like that idea. Stays within the SMTP envelope domain that SPF covers,
and makes sending email from a NAT connection able to be authenticated.
Would the modifier specify the domain expected in the TLS certificate?
Is this what you are thinking?
v=spf1 ?a:mail.6to4.com tls=smtp.example.com -all
--
Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flammis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
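
Added example, not part of the original message or of any SPF implementation: a sketch of how a receiver could evaluate the tls= modifier proposed in this thread at RCPT time. tls= is not a standard SPF modifier (SPF defines only redirect= and exp=, and receivers ignore unknown ones); the function names, the result strings, and the assumption that the receiver has already validated the client certificate chain are all hypothetical.

```python
import re

# SPF modifiers have the form name=value; mechanisms use ":" or "/" instead.
MODIFIER = re.compile(r"^([A-Za-z][A-Za-z0-9_.-]*)=(.*)$")

def parse_spf(record):
    """Split an SPF record into ([(qualifier, mechanism)], {modifier: value})."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    mechanisms, modifiers = [], {}
    for term in terms[1:]:
        m = MODIFIER.match(term)
        if m:
            modifiers[m.group(1).lower()] = m.group(2)
        else:
            qualifier = term[0] if term[0] in "+-~?" else "+"
            mechanisms.append((qualifier, term.lstrip("+-~?")))
    return mechanisms, modifiers

def name_matches(expected, presented):
    """Case-insensitive DNS name match; '*' may stand for the left-most label only."""
    e = expected.lower().rstrip(".").split(".")
    p = presented.lower().rstrip(".").split(".")
    if len(e) != len(p):
        return False
    return p[0] in ("*", e[0]) and p[1:] == e[1:]

def tls_modifier_check(record, verified_cert_names):
    """Evaluate the hypothetical tls= modifier for one SMTP connection.

    verified_cert_names: dNSName entries from the client certificate, passed in
    only after the receiver validated the chain; None if no certificate was sent.
    Returns 'not-required', 'pass' or 'fail'.
    """
    _, modifiers = parse_spf(record)
    expected = modifiers.get("tls")
    if expected is None:
        return "not-required"          # record does not use the proposed modifier
    if any(name_matches(expected, n) for n in verified_cert_names or []):
        return "pass"
    return "fail"                      # no certificate, or name mismatch

# Record as written in the message above.
RECORD = "v=spf1 ?a:mail.6to4.com tls=smtp.example.com -all"
```

How a 'fail' here combines with the result of the ordinary mechanisms (?a, -all) is not settled in the thread, so the sketch reports the certificate check on its own.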