[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Asrg] 6. Proposals: MTA MARK vs port 25 filtering?

Alan DeKok wrote:

Mark Baugher <mbaugher@cisco.com> wrote:


 We could extend SMTP AUTH to do MTA authentication, but it would
then end up looking like LMAP.

I believe SMTP TLS is intended for MTA authentication.


  Yes, it also solves the security/privacy issue.  But it's
authentication + security, not just authentication.  And I don't think
many MTA's allow STARTTLS with cipher "none".


[..]

  Other methods can potentially extend the authentication of the
message beyond the per-hop limit of STARTTLS.
With LMAP, authentication is done to the originating domain, as opposed to per-hop basis.

However, it seems to me that in cases where someone outsources their email delivery, there will be significant administrative issues since the owner of the domain will have to list all possible outbound servers of the outsourcer in LMAP records. And anytime this information changes, the DNS records need to be updated.

Yakov

-------
Yakov Shafranovich / asrg <at> shaftek.org
SolidMatrix Technologies, Inc. / research <at> solidmatrix.com
"Be liberal in what you accept, and conservative in what you send" (Jon Postel)
-------


_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg