[mail-vet-discuss] Draft as of 7/17/2007
johnl at iecc.com
Sat Jul 28 19:13:08 PDT 2007
I looked at the examples, some of which seem just wrong.
Both C.4 and C.5 show an MTA doing both SMTP AUTH and SPF checks. But
AUTH happens at the point of injection, while SPF happens at the
border MX. It makes no sense to do them at the same place. (If the
point of injection is the same as the border MX, the mail is local.)
If you intend for this to include reports on SMTP AUTH, which I think
it should, there's a bunch of changes I would suggest.
The last paragraph in section 1.3 on page 5 says that the
authentication happens at a border MTA or delivery MTA. That's not
really right. Some tests only make sense at specific MTAs, e.g., AUTH
happens at the injection MTA, and SPF and Sender-ID happen at the
I would change it to say that the sender authentication reports for
path-sensitive methods should only be added at the points where those
methods make sense, and SHOULD NOT be added elsewhere.
More information about the mail-vet-discuss