In article <d020e8d0-f7ab-6bfc-b65f-250f7bf9e75e@xxxxxxxx>, Michael Thomas <mike@xxxxxxxx> wrote: >> XMPP differs from SMTP and SIP because there are no intermediate >> domains - traffic passes from the source domain to the >> destination domain directly, and in effect the concepts inherent in >> DKIM and SPF about authorised senders are baked into the basic protocol. > >Ah, ok. Most likely the vast majority of email probably has that >property too, but not all of it. By volume I believe that the majority of non-spam mail is sent by third party service bureaus on behalf of clients. They generally have an arrangement so the bureau can put the client's DKIM signature on the mail. >> Yes, but SMTP-Auth closes that circle. Sorry, I don't know what you're referring to by SMTP-Auth. Do you mean authentication when connecting to a submission server? That's useful but there's no necessary link between the submission-time authentication identity and anything in the mail, and an awful lot of mail is sent in ways that don't involve a submission server. >But for the average SIP spam/phishing case the user part probably >doesn't mean much. I really have no clue who gladys@xxxxxxx is, but I >sure do want to know if irs.gov claims she's one of theirs. ... Talking to some people at big telcos I get the impression that they plan to use STIR/SHAKEN more or less the way mail systems use DKIM, not to try to identify individuals sending message, but to develop a repuation for inccoming message streams and to handle streams with a lot of crud differently from streams without. -- Regards, John Levine, johnl@xxxxxxxxx, Primary Perpetrator of "The Internet for Dummies", Please consider the environment before reading this e-mail. https://jl.ly
