Date: 19 Feb 1999 07:43:54 -0000
Message-ID: <19990219074354.4724.qmail@cr.yp.to>
From: "D. J. Bernstein" <djb@cr.yp.to>
To: drums@cs.utk.edu
Subject: Re: editing status of 821bis, draft -10.
References: <19990217221927.26450.qmail@cr.yp.to> <199902182340.SAA08622@lorax.whoville.leftbank.com>

How about this: A client MUST NOT attempt to send mail to a server
without authorization. There are several common forms of authorization:

   * ``domain MX server'' in DNS constitutes public authorization to
     send mail for that domain to that server. (It is the responsibility
     of the domain owner to obtain permission from the server owner
     before setting up DNS records mentioning that server.)

   * ``domain A server'' in DNS constitutes public authorization to send
     mail for that domain to that host _if_ there are no MX records for
     the domain.

   * A typical Internet service provider sets up one or more servers and
     informs its customers that they may use those servers to relay
     outgoing mail to any domain.

This is not an exclusive list.

Ofer Inbar writes:
> Some people believed these rules should be separate
> from the SMTP protocol.

Modularity is a good thing. SMTP is used in many contexts other than TCP
connections to MX->A port 25; Klensin's draft makes it unnecessarily
difficult to describe those contexts. This is not a new observation.

> One person brought up the "as if" rule to justify this position

No. That was a response to ``clients aren't required to use MX records
but have to know how.'' (Paraphrased.)

---Dan