On Wed, Jun 06, 2007 at 10:32:13AM -0400, The IESG <iesg-secretary@xxxxxxxx> wrote a message of 30 lines which said: > - 'Email Submission: Access and Accountability ' > <draft-hutzler-spamops-07.txt> as a BCP It seems that there is not a lof of content left from the first, much more normative versions of this document, which were issued a long time ago. Among what is left, I'm concerned about section 3.1 "Best Practices for Submission Operation" which says "It is also suggested that operators standardize on the SUBMISSION port for both external AND LOCAL users for simplicity." and "MSAs MUST perform authentication on the identity asserted during all mail transactions on the SUBMISSION port". Since section 5 "Message Submission Authentication/Authorization Technologies" mentions only SMTP AUTH and TLS, does it mean that authentication by IP addresses is forbidden? I ask so because it is currently the most common way to weakly authenticate local users. Is it covered by "Depending upon the environment, different mechanisms can be more or less effective and convenient"? Side note: on Unix, will cron be forced to authenticate to send emails at 2 am? :-) _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf