Hi Dave, At 01:11 PM 28-04-2020, Dave Cridland wrote:
RFC 4954 says that it defines a service extension for SMTP, not Submission. It does say the extension is appropriate for Submission, but makes no suggestion that this is any kind of defining factor. Equally, RFC 6409 does not mandate SMTP-AUTH, but does refer to it as exactly that name.
The specification for SMTP AUTH is from 1999. Section 3, Item 6 of the specification states that the extension is appropriate for SUBMIT. RFC 6409 discusses authorized submission. It requires authentication. Given that it is an IETF specification, you probably know how those things get written. :-)
As DKIM was mentioned on this thread, I'll mention that it was introduced several years after the above occurred. DKIM is used in email for "domain-level authentication". As an example, the server at my end determined that your message was ietf.org. That domain stated, after verification, that it received the message from cridland.net.
Last year, I attended a session in which regulators and ISPs discussed what is known as the spam problem. There was a question about the government requesting information about the identity of the (message) sender. It was being done by tracking down the IP address. I had a side discussion as I was a bit puzzled about why it was not based on SUBMIT.
There was a comment on this thread about policing users [1]. I doubt that it is being done in a rigorous manner or else we would not be discussing spam or federation.
Regards, S. Moonesamy 1. https://mailarchive.ietf.org/arch/msg/ietf/SIbWiyEM8q8NxQAzhkby2ZHFwJg