> so, whether we use esmtp as a bearer channel is indeed irrelevant,

okay, that's what I was thinking too. but I also don't see any particular utility in authenticating either the source IP address or the mail from address, and a fair amount of disadvantage to both; I think we need a different token to authenticate the sender. a lot of the problems with some of the existing proposals is that they try to overload the existing from or mail from addresses too much. even RFC 822 recognized that Sender is different than From is different than Return-Path.

> but those are HUGE elements of the (e)smtp model, and the resulting protocol
> can in my opinion be called "new" even if it looks superficially like what
> we do now. there's absolutely no reason to use the same port number, for
> example. there's no fallback.

I don't share your opinion that everyone will want to switch completely. significant numbers of users will need fallback, at least for a transition period. I would far prefer a solution that lets mail receivers turn a knob that pessimizes handling of unauthenticated messages more and more (as more and more legitimate senders start authenticating messages) than one which forces receivers to maintain separate servers.

(I'd also rather avoid the "how do we design a new mail protocol" pandora's box - the amount of second-system effect would be huge, and it would take years to sort it out)

even if we had to retro-fit something very different onto port 25, it would probably be more attractive to negotiate the new protocol within ESMTP than to have a different protocol on a different port.