
Re: Why we should choose the RFC2821 MAIL FROM/HELO identities




Hallam-Baker, Phillip wrote:



Layers are tools for design, as well as analysis.  Collapsing layers
requires very, very careful attention to the implications.


When you are dealing with a twenty year old protocol you are likely
to find that the reason it is failing is that the original layering
design was inappropriate for current uses.


I am not sure this is true in this case. The problem is one of trust and it has nothing to do with layers. If we have a system in place to somehow exchange trust information about MTAs there is no reason to mix layers.


This is why I think that HELO checking might be sufficient. Many people have already stated that MAIL FROM without a reputation/accreditation hook is useless. A HELO mechanism would provide such a hook without a need for some of the more painful changes involved with MAIL FROM and RFC2822 checking. Once you establish trust of a given MTA, then you can trust it to supply you with non-forged information.

Yakov