On Sun, 2007-01-28 at 18:59, Cristóbal Palmer wrote:
> On 1/28/07, Jason Faulkner <[EMAIL PROTECTED]> wrote:
> > If you allow authorization of senders via DNS, doesn't it take out
> > most of the benefits Jon was talking about?
>
> No. You would act as their mail server. They would list you as one of
> their mail servers. What did you think I meant? That the recipient or
> next hop would check to see if your domain (eg. intellicontact.com)
> was a valid sender?
>
> Or maybe I misread Jon. How _should_ we deal with companies with
> products like intellicontact?
>
> -CMP

I agree with Cristóbal, Intellicontact would have to become a valid server for that domain.

And now let's take it up a notch, since we want to design our own SMTP-like protocol (TriLUG-SMTP)... let's include a 128-bit digital signature line as a header in the email. The digital header can also act as authorization for the mail. Any mail server that the message passes through can then check this header to ensure that the email is authentic. The header would have to be unique for the email - generated at the time the email is sent.

Checking the authentication of this header could be a function of the domain's DNS service. We would have to ratchet up DNS a bit, but folks are already attempting this with other email authentication schemes, and it seems acceptable to the general masses. You wouldn't have to check the authentication of every message passing through, but you could if you wanted to. Ideally though, you would just check the ones that seem suspicious.

If your email client wasn't capable of generating the digital signature, then you would have to drop your mail off at your domain's server using a TriLUG-SMTP login for the drop off. The mailserver would then generate the digital signature for that email and subsequent mail servers could use that for authentication if necessary.

This would allow us to move the standard out into the world and have it work immediately for some folks. Eventually, the ratio of unsigned-mail/spam would approach 1, and folks would simply stop accepting unsigned-mail... Especially since folks can either drop off mail using an authenticated Send using TriLUG-SMTP with their domain server - or in extreme cases, using a web-based email client to send out their mail (till they can install a free mail client that *does* meet the new standard).

Jon
-- 
TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
TriLUG Organizational FAQ : http://trilug.org/faq/
TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
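
The per-message signature header proposed in the message above, sketched as an added example that is not code from the thread: the sending side signs a digest of selected headers plus the body, and any relay verifies it against a key published for the From domain. The header name `X-TriLUG-Signature`, the `DNS_KEYS` dict standing in for DNS, the sample message, and the toy unpadded RSA key are all assumptions made for illustration; real mail would need a standard signature scheme with a full-size key.

```python
import hashlib

# Toy textbook-RSA key for the constructed domain example.org (assumption).
# The primes are the Mersenne primes 2**127-1 and 2**107-1: demo only.
P, Q, E = 2**127 - 1, 2**107 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, held by the sending side

# Stand-in for the DNS lookup: domain -> published public key (constructed).
DNS_KEYS = {"example.org": (N, E)}
SIGNED_HEADERS = ("From", "To", "Date", "Message-ID")

def digest(headers, body):
    """128-bit digest over the signed headers and body, unique per message."""
    h = hashlib.sha256()
    for name in SIGNED_HEADERS:
        h.update(f"{name}:{headers.get(name, '')}\n".encode())
    h.update(b"\n" + body.encode())
    return int.from_bytes(h.digest()[:16], "big")

def sign(headers, body, d=D, n=N):
    """Sending client or drop-off server: return headers plus the signature."""
    signed = dict(headers)
    signed["X-TriLUG-Signature"] = format(pow(digest(headers, body), d, n), "x")
    return signed

def verify(headers, body, dns=DNS_KEYS):
    """Any relay: returns 'pass', 'fail', 'unsigned' or 'no-key'."""
    sig = headers.get("X-TriLUG-Signature")
    if sig is None:
        return "unsigned"
    domain = headers.get("From", "").rpartition("@")[2].rstrip(">").lower()
    if domain not in dns:
        return "no-key"
    n, e = dns[domain]
    try:
        value = int(sig, 16)
    except ValueError:
        return "fail"
    return "pass" if pow(value, e, n) == digest(headers, body) else "fail"

# Constructed sample message, not taken from the thread.
SAMPLE = {"From": "jon@example.org", "To": "list@example.net",
          "Date": "Sun, 28 Jan 2007 19:30:00 -0500", "Message-ID": "<1@example.org>"}

if __name__ == "__main__":
    signed = sign(SAMPLE, "Meeting is Thursday.")
    print(verify(signed, "Meeting is Thursday."))   # untouched message
    print(verify(signed, "Meeting is cancelled."))  # body altered in transit
```

Because the digest covers the Message-ID and Date, a signature lifted from one message does not verify on another, and a relay can apply different policy to `unsigned` and `fail` during the rollout period the message describes.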
