Pekka,

Thanks for the quick and careful review.

> Submission Authentication:
>    MSAs MUST perform authentication on the identity asserted
> ...
> ==> w/ local submission, is the IP address being local sufficient? I don't
> think the doc takes a stance on this, and this is pretty important as those

You are correct. It does not take a stand. That is intentional.

1) there are many, competent techniques.
2) this is not a document about authentication (and the topic is complex).
3) the choices for particular environments depend on multiple factors.

So we decided to state the need and leave how to satisfy it to local operators.

> Traffic Identification -- External Posting Versus Relaying:
>    For email being received from outside their local
>    operational environment, email service providers MUST
>    distinguish between mail that will be delivered inside that
>    environment, versus mail that is to be relayed back out to
>    the internet.
> ...
> ==> what does traffic identification (at MTA?) have to do with message
> submission ?

Assuming I've got the nature of your question correct:

"Open Relays" perform message submission, by allowing traffic to be routed
through them, *from* the Internet and then *to* the Internet. However, they
are not intended to be submission agents and they have been a major problem,
exploited by spammers. This characterization of "traffic identification" is
to distinguish open relaying from legitimate receipt of mail that is for
recipients within the Common Operating Group (COG)* of the receiving MTA.

When a message comes from the Internet and is destined for the COG* that
the MTA is part of, then that is relaying. When it is, instead, destined
to go back to the public Internet, it is really a message submission
mechanism, and this BCP specifies a requirement for accountability of the
source, during the submission event.

It is not possible to require message authentication on mail relaying
activities, without changing the usage fundamentals of Internet Mail. By
contrast, it is reasonable and appropriate to require that message
submissions authenticate their source.

So, the nature of mail coming in from the Internet needs to be distinguished
between these two functions.

d/
--
Dave Crocker
Brandenburg InternetWorking
<http://bbiw.net>
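
The distinction drawn in the message above, sketched as an added example that is not part of the original message or of the draft under review: a per-recipient decision for mail arriving from outside, which accepts mail for local recipients as relaying and treats anything headed back out to the Internet as submission that needs an authenticated source. The domain list, the `Rcpt` type and the function names are assumptions made for illustration.

```python
from dataclasses import dataclass

# Assumption: domains delivered inside this MTA's own operating environment.
LOCAL_DOMAINS = {"example.org", "lists.example.org"}  # constructed values


@dataclass
class Rcpt:
    address: str         # argument of RCPT TO, as received
    authenticated: bool  # True once the client has authenticated in this session


def rcpt_domain(address):
    """Return the lower-cased recipient domain, or None if it cannot be parsed."""
    addr = address.strip()
    if addr.startswith("<") and addr.endswith(">"):
        addr = addr[1:-1]
    local, sep, domain = addr.rpartition("@")
    domain = domain.rstrip(".").lower()
    if not sep or not local or not domain:
        return None
    return domain


def decide(rcpt):
    """Classify one recipient of mail arriving from outside: (kind, SMTP reply)."""
    domain = rcpt_domain(rcpt.address)
    if domain is None:
        return ("invalid", "501 5.1.3 Bad recipient address syntax")
    if domain in LOCAL_DOMAINS:
        # Destined for the local environment: relaying, no sender authentication.
        return ("relaying", "250 2.1.5 Ok")
    if rcpt.authenticated:
        # Headed back out to the Internet from an accountable source: submission.
        return ("submission", "250 2.1.5 Ok")
    # Headed back out with no authenticated source: what an open relay would accept.
    return ("refused", "530 5.7.0 Authentication required")


if __name__ == "__main__":
    # Constructed sample recipients, not taken from any real log.
    for r in (Rcpt("<alice@EXAMPLE.ORG.>", False),
              Rcpt("bob@elsewhere.test", False),
              Rcpt("bob@elsewhere.test", True)):
        print(r.address, "->", decide(r))
```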