In article <15ac87e6-07b4-b3bd-5b55-8d0516a45fb5@xxxxxxxx> you write: >>>> Yes, but SMTP-Auth closes that circle. >> Sorry, I don't know what you're referring to by SMTP-Auth. Do you >> mean authentication when connecting to a submission server? That's >> useful but there's no necessary link between the submission-time >> authentication identity and anything in the mail, and an awful lot of >> mail is sent in ways that don't involve a submission server. > >Thank you for being your normal obtuse self; you know perfectly well >what I mean. Thanks for your vote of confidence, but I still have no idea what you mean by SMTP-auth. If the client auth's on an SMTP connection it's submission, not SMTP. The only reputatation of SMTP clients is by IP address, generally queried through DNSBLs. In the other direction, clients can authenticate SMTP servers via TLSA or MTA-STS to be sure they're talking to the intended MX, not a middlebox. Don't see what this has to do with SIP, other than agreeing with you that DKIM for SIP would give us everything important that STIR/SHAKEN do with a lot less mechanism.
