Paul's Mailfrom (Was: IETF SMTP Working Group Proposal at smtpng.org)
David Van Duzer
dvanduzer at infidels.org
Mon Aug 26 22:08:57 UTC 2002
On Mon, 2002-08-26 at 15:47, Scott Gifford wrote:
>
> The problem that this deals with is the user who needs to dial in to
> AOL and send mail from their corporate account. The proposed solution
> is to tunnel mail through the corporate server, by proving your right
> to relay via SMTP AUTH or else via a VPN.
>
> To make this work well requires support for SMTP AUTH and probably
> STARTTLS (unless the company implementing this proposal wants
> cleartext passwords flying over AOL's network) for all domains which
> want to support Paul's proposal. This isn't necessarily all that
> unreasonable, but should be spelled out more clearly, and makes
> implementation much more involved.
Precisely. It's only an issue for those who implement the feature.
Another thought that came to mind was a sort of hybrid between this and
the central registry of trusted servers.
Rather than maintain a central registry, the mail-from server could
provide its own registry of trusted keys for its own domain. Granted,
this is probably just as complicated as widely implementing SMTP AUTH,
but it does give a little more flexibility for those complaining that
this would break "home-grown" mail servers.
What I am mostly curious about is if there are any potential problems
with those who choose to ignore the feature entirely.
-dvd
More information about the NANOG
mailing list