How DMP Works

DMP works by letting a domain administrator tell everyone which mail servers are allowed to send mail on behalf of its domain.

When a DMP-aware mail system receives a connection from a mail client, it can ask the sender's domain if the connecting client is allowed to send mail on its behalf. The DMP-aware client does this using the Domain Name System (DNS) and the sender's domain stores this information in its DNS records.

The Domain Name System was chosen to store this information because control of this information remains with the domain's administrators, who should have authority on who may use their domain name.

Example of How DMP Works

A DMP-aware server answering a connection from a DMP-participating domain would follow these or similar steps:

1. (Client) "I have mail from (user@my.domain)"
2. The server looks up a special domain name record, formed from the connecting client's network address and the domain in the "mail from" address, using DNS.
3. The client domain's DNS servers, through normal DNS processes, would answer back with a "yes," "no," or "maybe."
4. If "yes," the server responds, "OK, you're sending me mail from (user@my.domain)," and proceed as it normally would to accept the e-mail.
   If "no," the server responds, "ERROR, you're not allowed to send me mail from (my.domain)."
   If "maybe," there are other steps the server could take.

The result is the administrators of the sender domain can control who is allowed, and not allowed, to send mail on behalf of their domain.