Aaron Knauf wrote:
I think the grey line needs to be drawn based on whether or not the header will actually be used by another mail server.Yeah, for how I was thinking, it's not really necessary because of how the SMTP routing is setup. Hmm, tried to write the text to explain this a few times, so maybe a diagram would help...
What do X-Antivirus and X-spam-rating get used for outside of the servers that add them. It seems to me that certifying that a message is not spam and/or is virus free would require that
1) the certifying host be trusted by the receiving host
and 2) the certifying host sign the header
This is quite a lot of infrastructure to support, but may be useful moving forward. Probably not something that JAMES should spearhead, though.
- Say you've got pool of mail servers [A] that receive incoming SMTP traffic for port 25.
- Then you've got a pool of mail servers that do spam/virus scanning. call those [B], although they could very well be the same as [A].
- Then you've got internal mailbox server(s) [C] and clients [D].
It's fine for [C] and [D] to look at that those headers without needing signatures or anything fancy, because for a message to get to them, they had to have come through [A] and [B]. Even if [A] [B] and [C] are the same box, that client [D] can know that any message in its inbox that the header wasn't spoofed.
I think what you're talking about in terms of relying on 3rd party mail servers (like you use an off-site virus-scanning package or the like) would be a lot of infrastructure and not something James needs to spearhead.
--
Serge Knystautas
Loki Technologies
http://www.lokitech.com/
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
