On Sun, 2007-02-18 at 13:20 -0800, Douglas Otis wrote: --- The safe way forward would be to demand that security be considered first and foremost. In a store and forward scheme, start the chain of identification from the transmitting entity, where the originating entity is then able to authorize the transmitting entity when they differ. --- As clarification, validating public transmitters, and assuring email-addresses by way of transmitter authorizations should be considered separate events. In the case of DKIM, it is much easier and safer to distinguish between public and private transmissions. This recommendation should not be considered a suggestion for reverting to using something as cumbersome as bang addressing. Identifying public transmitters permits feedback that can offer protection for IP address reputations. Nor will email-address assurances identify message authors. The lack of a transmitter authorization where such is normally obtained simply signals recipients to be cautious with a message. -Doug _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf