Paul's Mailfrom (Was: IETF SMTP Working Group Proposal at smtpng.org)
Jim Hickstein
jxh at jxh.com
Wed Aug 28 05:58:26 UTC 2002
--On Tuesday, August 27, 2002 9:01 PM -0700 David Schwartz
<davids at webmaster.com> wrote:
>> Your secure mail server (i.e. me) just has to be named in a MAIL-FROM MX
>> record. We do DNS for some of our customers, and can add this trivially;
>> the others control their own zones. Works for me.
>
> How would this stop the destination mailservers from rejecting the mail
> forwarded by the secure server? Remember, the situation is that I don't
> trust my ISP to see my outbound mail (because that's where warrants are
> likely to be served or interception hardware would likely be
> surreptitiously inserted). So I don't want my outbound mail passing
> through my ISP unencrypted.
Given this extraordinary requirement, either you wouldn't be my customer,
or you'd better encrypt at the endpoint (though pipes leak best out the
ends). Or you can pony up the money for your own host on a dedicated
circuit so _it_ can be in the MAIL-FROM MX for your domain (of course
you'll need your own domain), and then you and your ISP can argue about
traffic analysis and acceptable use.
Still doesn't fundamentally break the proposal in hand, it seems to me.
You always get to not publish the repudating information if you don't want
people to use it.
More information about the NANOG
mailing list