nisse@lysator.liu.se (Niels Möller) wrote 04 Oct 2004 16:16:16 +0200:
| No. Current spec: | | MAIL FROM | RCPT TO | XHASHCASH-stuff | DATA | | An alternative organization is: | | MAIL FROM | XHASHCASH-stuff | RCPT TO | DATA | | Then the reply code for the RCPT can contain the definitive answer as | to message acceptance.
The XHASHCASHADVISE extension will then have to move to MAIL FROM. The MAIL FROM response is unable to suggest keys to use for authentication. The sending MTA will have to guess if a given key is valid or not, with the risk of being rejected as a spammer with fake auth.
Should we add anotother extension (XHASHCASHADVISEAUTH) to RCPT, with a response that can inform the sending MTA about valid keys for sender/recip pair?