It appears that Viktor Dukhovni via mailop <[email protected]> said:
>Therefore, in the context of MTA-to-MTA (port 25) email relaying, a client
>certificate could perhaps be used as a lookup key for client reputation,
>that could be more robust than an IP address. ...

Someone pointed out a use case here which is different from DKIM. You could treat the client cert domain as authenticating bounce addresses. That is, if the cert is fooble.com and a message has MAIL FROM:<[email protected]>, that makes the recipient system a lot more confident that the bounce address is real, and that it would be OK to send a delayed bounce to that address.

There are still practical issues like where you're going to get client certs and how to tag the mail internally as authenticated bounce, and of course this doesn't work for more than one level of relay. But it might be interesting.

R's,
John
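
The check described in the message above, sketched as an added example that is not part of the original post or of any MTA's own code. It assumes the receiving MTA exposes the dNSName values of a client certificate whose chain it has already validated, and that "the cert is fooble.com" means an exact domain match; the function names and the sample addresses are constructed for illustration.

```python
import re

# Reverse-path of an SMTP MAIL command; ESMTP parameters (SIZE=, BODY=) may follow.
_MAIL_FROM = re.compile(r"^MAIL FROM:\s*<([^<>]*)>", re.IGNORECASE)


def _norm(domain):
    """Compare domains case-insensitively and without a trailing dot."""
    return domain.strip().rstrip(".").lower()


def envelope_domain(mail_command):
    """Return the reverse-path domain, or None for the null sender or bad syntax."""
    m = _MAIL_FROM.match(mail_command.strip())
    if not m:
        return None
    path = m.group(1)
    # Drop an obsolete source route of the form "@a,@b:user@domain".
    if path.startswith("@") and ":" in path:
        path = path.split(":", 1)[1]
    local, sep, domain = path.rpartition("@")
    if not sep or not local or not domain:
        return None  # MAIL FROM:<> carries no bounce address at all
    return _norm(domain)


def bounce_authenticated(mail_command, verified_cert_names):
    """True when the envelope sender domain equals a name in the client cert.

    verified_cert_names: dNSName entries from the already-validated client
    certificate (assumption: the TLS layer hands these to the policy code).
    A relay presenting its own certificate fails the match, which is the
    "more than one level of relay" limitation noted in the message.
    """
    domain = envelope_domain(mail_command)
    if domain is None:
        return False
    return domain in {_norm(name) for name in verified_cert_names}


if __name__ == "__main__":
    # Constructed samples: (MAIL command, names in the client certificate).
    samples = [
        ("MAIL FROM:<bounces@fooble.com> SIZE=1024", ["fooble.com"]),
        ("MAIL FROM:<bounces@fooble.com>", ["relay.example"]),
        ("MAIL FROM:<>", ["fooble.com"]),
    ]
    for cmd, names in samples:
        print(cmd, names, bounce_authenticated(cmd, names))
```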
