Re: SMTP AUTH design-team meeting addendum

[Ned Freed <Ned.Freed@xxxxxxxxxxxx>]

> I wish we could include a non-normative appendix with the three primary
> usage scenairos for SMTP AUTH in combination with port 25.  But I think
> this is better deferred for an applicability statement produced after SMTP
> Submit and the revised SMTP specs are published:

I agree. I also think that waiting for some experience in the field would be
wise. Based on numerous conversations with customers over the years I *think* I
know how people are going to use SMTP AUTH, but experience has shown that
deployment of a facility can lead to uses its designers and/or implementors
never thought of. And given the rapid uptake we're seeing on SMTP AUTH already
I suspect we'll be surprised at the things people come up with.

> An SMTP server on port 25 allows delivery to local users without
> authentication, but requires SMTP AUTH to relay mail to non-local users.

> An SMTP server on port 25 allows delivery to local users without
> authentication, but requires either SMTP AUTH or access from a trusted
> subnet to relay mail to non-local users.

> An SMTP server on port 25 is used only for delivery to local users, does
> not advertise SMTP AUTH and does not relay mail to non-local users.  A
> separate SMTP server on a different port or different machine is used to
> "submit" mail and requires the use of SMTP AUTH.

I'd put your #2 before your #1, but otherwise this seems like the right
set of initial applications for SMTP AUTH. But as I say, we may be surprised
at how this plays out.

				Ned