Re: TECH-ERROR: SenderID sets recomendation for forwarders that are not compatible with RFC 2822

[Douglas Otis <dotis@xxxxxxxxxxxxxx>]

On Mon, 2004-09-13 at 05:51, David Woodhouse wrote:
> On Mon, 2004-09-13 at 05:31 -0700, william(at)elan.net wrote:
>
> > Additionally Received header are specially designated to be trace fields,
> > so they are like a loggin info.
> 
> That's all they are here, surely? In a world where SenderID was
> ubiquitous you'd have mail servers automatically rewriting RFC2821 and
> RFC2822 identities on outgoing mail, and the SenderID validates _only_
> that one hop; it's not end-to-end validation such as PGP, DomainKeys or
> Signed Envelope Senders would offer.
> 
> You end up using a domain-based blacklist instead of the IP-address-
> based blacklists which are already common, but other than that the
> problem hasn't changed much. It's just a way of determining which are
> legitimate mail servers, and which are not.

Neither Sender-ID nor SPF safely allow the implementation of a name
based blacklist.  I would agree there may be a means of excluding
messages where the SMTP client IP address was not authorized, but
nothing else of significance is possible from this association.  A
positive association does not indicate the mailbox domain holder to be
the originator.  A negative association does not indicate the mailbox
domain holder to be a spammer.

-Doug