Re: Paul's Mailfrom (Was: IETF SMTP Working Group Proposal at smtpng.org)

[David Van Duzer <dvanduzer () infidels org>]

On Mon, 2002-08-26 at 15:47, Scott Gifford wrote:
> The problem that this deals with is the user who needs to dial in to
> AOL and send mail from their corporate account.  The proposed solution
> is to tunnel mail through the corporate server, by proving your right
> to relay via SMTP AUTH or else via a VPN.
>
> To make this work well requires support for SMTP AUTH and probably
> STARTTLS (unless the company implementing this proposal wants
> cleartext passwords flying over AOL's network) for all domains which
> want to support Paul's proposal.  This isn't necessarily all that
> unreasonable, but should be spelled out more clearly, and makes
> implementation much more involved.


Precisely.  It's only an issue for those who implement the feature. 
Another thought that came to mind was a sort of hybrid between this and
the central registry of trusted servers.

Rather than maintain a central registry, the mail-from server could
provide its own registry of trusted keys for its own domain.  Granted,
this is probably just as complicated as widely implementing SMTP AUTH,
but it does give a little more flexibility for those complaining that
this would break "home-grown" mail servers.

What I am mostly curious about is if there are any potential problems
with those who choose to ignore the feature entirely.

-dvd