On 11/2/09 9:14 PM, Eliot Lear wrote:
> On 11/2/09 11:06 PM, Rolf E. Sonneveld wrote:
>> Well, on the envelope level there's not much that carries over
>> from end to end, is there? The only thing that comes to mind is the
>> MAIL FROM itself (with the remark made by Eliot, see above) and the
>> use of DKIM in combination with something like BATV.
>
> It's that MAIL FROM:<> that might be interesting (I still won't say
> for sure).

The general mindset is to consider email being sent along fixed paths, as if being carried by imaginary Internet Mail Tubes. Some want to define these tubes by the Mail From, since that better accommodates mailing lists. Others want to see these tubes defined by the From address as this could better mitigate fraud. However, there remains the problem created by mailing lists, which are not easily resolved by attempts at combining a network of From and Mail From Tubes.

There needs to be a name-based effort started where Hostnames, Mail From, and DKIM signers are handled on a name basis. Since email is not actually carried by email Tubes along specific paths, and name to IP address relationships are actually rather diverse, the problem set appears rather complex. However, when viewed at the specific hostname, there is no diversity, but instead elegant simplicity.

It appears EHLO offers the _best_ means to control abuse at the envelope level by name. So what EHLO names can be trusted? Why not let originating domains vote? Why not let senders list in a scalable manner which names they trust to handle their Mail Tube? This type of information would make it easy for anyone to determine which names can be trusted, without reliance upon a centralized authority. In other words, no batteries would be needed.

It seems that some providers are fearful of this approach, as this places accountability on the entity actually handling the Mail Tube. Providers need to stop trying to hide. Have their IP address and hostname listed in Authentication-Results. Allow originating domains an ability to list all the other domains they trust to handle their Mail Tube. That way, in a manner fairly similar to that used by Google in ordering search results, it will become obvious which domains are and can be trusted to handle a mailing list or third-party signing responsibly.

-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
