Policy Proposal 2007-2: Documentation of the Mail-From Authentication Method

Paul Vixie,
Mark Kosters,
Chris Morrow,
Jared Mauch,
Bill Woodcock

Proposal

Proposal type: New

Policy term: Permanent

Policy statement:

DELETION FROM THE NRPM

12.1 Mail-From
This section intentionally left blank.

ADDITION TO THE NRPM

12.1 Mail-From
Mail-From is the default authentication method by which registration records are protected from vandalism. If a registrant fails to designate a more secure method, any subsequent email which bears the sender address of an authorized Point of Contact may be deemed authentic with regard to the registrant's records. Since it is trivial to forge a sender address, Mail-From should not be regarded as secure. Use of Mail-From authentication is not recommended to any registrant who has the means to implement either of the more secure cryptographic authentication methods.

Rationale:

This policy complements the previously-proposed "Reinstatement of PGP Authentication Method" which introduces section 12 to the NRPM. Section 12 relates the existence of three authentication methods. Two of those, mail-from and X.509, were preexisting but not documented within the NRPM.

This policy proposal simply seeks to provide brief documentation of the existence of the mail-from authentication method. Because the specific wording of the documentation may be subject to debate, and is in no way interdependent upon the documentation of the other two methods, it is being proposed in a separate policy, so that consensus may be more easily reached.

Timetable for implementation: Immediate

Relevant Navigation

• Number Resource Policy Manual

Specific Policy Sections

• - IPv4 Policies
• - IPv6 Policies
• - ASN Policies
• - Transfer Policies

Other Policy-Related Material

• Internet Resource Policy Evaluation Process
• Policy Proposal Archive
• Public Policy Meeting Minutes
• RIR Comparative Policy Overview

© 1997 - 2008
American Registry for Internet Numbers,
All Rights Reserved.