On Tue, 20 May 2008, Ned Freed wrote:
>
> > If the client can't use its normal submission server then I don't see
> > what use a message submission protocol extension would be :-)
>
> First of all, I said nothing about not being able to use. There are
> plenty of reasons (speed, policy, separate environment) why I might be
> able to reach one server but prefer or be required to actually use
> another for submission.

I think this points out something important that could perhaps be made more explicit in the specification. BATV is designed for the usage model where you must use the domain's submission servers if you want to send email claiming to be from that domain, and all the submission servers must implement BATV. (It has a lot in common with DKIM in this respect.)

So if you deploy BATV and you have users with configurations that don't conform with this model, they'll have to change even if that makes submission slower or less convenient. If you deploy BATV and your policies say clients on such-and-such a network must use such-and-such a submission server, then that submission server had better be configured to correctly tag messages for all the relevant domains, or you must adjust your policies.

So I think all the reasons quoted above are, by design, not supported by BATV. I also don't think there's any point in adapting BATV to remove this limitation unless the same adaptations work for DKIM or origin-domain security protocols in general.

Tony.
-- 
f.anthony.n.finch <[EMAIL PROTECTED]> http://dotat.at/
FORTIES: NORTHWESTERLY BECOMING VARIABLE 3 OR 4. MODERATE. FAIR. GOOD.
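The usage model discussed in this message, as an added Python sketch that is not part of the original e-mail or of any BATV implementation: a domain's inbound server accepts bounces only for envelope senders that one of its own submission servers tagged, so mail sent through a non-tagging server loses its bounces. The tag layout is modeled loosely on the `prvs=` scheme from the BATV draft and simplified; the key, domain, day numbers and function names are all constructed assumptions.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"   # constructed secret shared by the domain's servers
MAX_LIFETIME = 7                # days a tag stays valid (assumed policy)


def _sig(key_num, day, addr):
    """First 6 hex digits of an HMAC over key number, expiry day and address."""
    msg = f"{key_num}{day:03d}{addr}".encode()
    return hmac.new(KEY, msg, hashlib.sha1).hexdigest()[:6]


def batv_tag(addr, today, key_num=0):
    """What a BATV-aware submission server does to the envelope sender."""
    local, domain = addr.rsplit("@", 1)
    day = (today + MAX_LIFETIME) % 1000
    return f"prvs={key_num}{day:03d}{_sig(key_num, day, addr)}={local}@{domain}"


def submit(sender, server_tags, today):
    """Envelope sender as it leaves a tagging or a non-tagging server."""
    return batv_tag(sender, today) if server_tags else sender


def accept_bounce(rcpt, today):
    """Inbound check for a null-sender (<>) message addressed to rcpt."""
    local, domain = rcpt.rsplit("@", 1)
    if not local.startswith("prvs="):
        return False            # untagged: no submission server of ours sent it
    tag, sep, orig_local = local[5:].partition("=")
    if not sep or len(tag) != 10 or not tag[:4].isdigit():
        return False            # malformed tag
    key_num, day, sig = tag[0], int(tag[1:4]), tag[4:]
    if (day - today) % 1000 > MAX_LIFETIME:
        return False            # tag expired
    expected = _sig(key_num, day, f"{orig_local}@{domain}")
    return hmac.compare_digest(sig, expected)


if __name__ == "__main__":
    today = 14020               # constructed day number
    for tags in (True, False):
        env = submit("alice@example.org", tags, today)
        print(f"tagging server={tags}: {env} -> bounce accepted:",
              accept_bounce(env, today + 1))
```
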
