Paul's Mailfrom (Was: IETF SMTP Working Group Proposal at smtpng.org)

Scott Gifford sgifford at suspectclass.com
Mon Aug 26 22:23:05 UTC 2002


David Van Duzer <dvanduzer at infidels.org> writes:

> On Mon, 2002-08-26 at 15:47, Scott Gifford wrote:
> > 
> > The problem that this deals with is the user who needs to dial in to
> > AOL and send mail from their corporate account.  The proposed solution
> > is to tunnel mail through the corporate server, by proving your right
> > to relay via SMTP AUTH or else via a VPN.
> > 
> > To make this work well requires support for SMTP AUTH and probably
> > STARTTLS (unless the company implementing this proposal wants
> > cleartext passwords flying over AOL's network) for all domains which
> > want to support Paul's proposal.  This isn't necessarily all that
> > unreasonable, but should be spelled out more clearly, and makes
> > implementation much more involved.
> 
> 
> Precisely.  It's only an issue for those who implement the feature. 
> Another thought that came to mind was a sort of hybrid between this and
> the central registry of trusted servers.

If a large ISP, say AOL, implements this, and I operate the mailserver
with users who send (relay through me) mail with a from address of
their (legitimate) AOL account, I'm choosing to ignore the feature
entirely, but it's still affecting me and my users.

If a large ISP, say AOL, implements this, and I'm an end-user trying
to send mail with a from address at my (legitimate) AOL account, I'm
choosing to ignore the feature entirely, but it's still affecting me.

I know this isn't what you're looking for, but individual domains
aren't so isolated that you can implement this sort of thing without
zero effect on other mailservers.

You really have to solve the whole problem before it becomes usable at
all.  I'm not saying it's an unsolvable problem, just that these two
issues need to be better addressed before it's a usable suggestion.

----ScottG.
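
Added example, not part of the original message: a sketch of the client-side check implied by the quoted point about SMTP AUTH and STARTTLS, deciding from the server's EHLO reply whether a roaming user's password may be sent. The function names, action strings and EHLO replies are constructed for illustration.

```python
# Added illustration: refuse to send SMTP AUTH credentials in cleartext.
# All EHLO replies below are constructed samples, not captured traffic.

# PLAIN and LOGIN only base64-encode the password; they do not protect it.
CLEARTEXT_MECHS = {"PLAIN", "LOGIN"}


def parse_ehlo(reply):
    """Parse a multi-line 250 EHLO reply into {KEYWORD: [PARAMS]}."""
    caps = {}
    lines = [ln for ln in reply.splitlines() if ln.strip()]
    for line in lines[1:]:  # the first line is the greeting, not a capability
        if not line.startswith("250") or len(line) < 5:
            continue
        words = line[4:].split()  # skip the "250-" or "250 " prefix
        if words:
            caps[words[0].upper()] = [w.upper() for w in words[1:]]
    return caps


def auth_decision(reply, tls_active):
    """Return the next safe step for a client that must authenticate to relay."""
    caps = parse_ehlo(reply)
    mechs = set(caps.get("AUTH", []))
    if not mechs:
        return "no-auth"              # server cannot authenticate the user
    if tls_active:
        return "auth"                 # channel is encrypted, any mechanism is fine
    if "STARTTLS" in caps:
        # Upgrade first, then issue EHLO again and decide from the new reply:
        # capabilities seen before TLS can be altered in transit.
        return "starttls"
    if mechs - CLEARTEXT_MECHS:
        return "auth-challenge-only"  # e.g. CRAM-MD5; never PLAIN or LOGIN
    return "refuse"                   # only cleartext passwords on offer


PLAIN_ONLY = "250-mail.example.com\r\n250-SIZE 10240000\r\n250-AUTH PLAIN LOGIN\r\n250 HELP"
WITH_TLS = "250-mail.example.com\r\n250-STARTTLS\r\n250-AUTH PLAIN LOGIN\r\n250 8BITMIME"
CRAM = "250-mail.example.com\r\n250 AUTH CRAM-MD5 PLAIN"

if __name__ == "__main__":
    for name, reply in (("plain-only", PLAIN_ONLY), ("with-tls", WITH_TLS), ("cram", CRAM)):
        print(name, auth_decision(reply, tls_active=False))
```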


