[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Authorization Mechanisms
> In recasting the submit document as a BCP, I've added a section on
> methods to ensure a submitter is authorized. I have SMTP AUTH, IP
> address restrictions, and the POP login methods.
> Are there others that should be mentioned?
Well, there's signing messages (I've seen this used once or twice), there are
DNS checks (e.g., a IP --> (PTR) --> name --> (A) --> IP check and see there's
a match and the name in the middle is OK), and there are nonstandard SMTP AUTH
equivalents. I strongly recommend that the latter two not be mentioned.
Mentioning the first would be fine if you think it is worth it.