dkim-dev
[Top] [All Lists]

Re: [dkim-dev] DomainKeys vs DKIM: Identifying the Sending Domain

2007-05-05 17:40:51
Tim Gokcen wrote:
I guess what I'm really trying to ask here is, does DKIM provide a mechanism to tell the receiving MTA *which* field a particular DKIM signature is intended to apply to?

DKIM specifies which fields are part of the signature. So I suppose the question is what you mean by "apply to". From your earlier notes in this thread, you appear to focus on something akin to authorship.

Well, in the case of our pull-push forwarding system, for example, message headers might include:

From: Joe(_at_)originalemail(_dot_)com
To: Phil(_at_)realrecipient(_dot_)com
Resent-From: pushpullforwarder(_at_)mpathix(_dot_)com
DKIM-Signature: h=From:To:Resent-From:<more>, d=mpathix.com, <etc.>

with a signature whose h= value includes at least all three of those header fields and whose d= value is mpathix.com. To oversimplify things, my problem is how do I make sure that the receiving MTA will go:

"mpathix.com signature that includes several fields..., oh, look, Resent-From is from that domain. I'll do a DNS TXT lookup on the selector (etc.) for mpathix.com and see if it matches this sigature...."

Currently, with DomainKeys, Yahoo goes:

"mpathix.com signature that includes several fields.... nope, neither From nor Sender is from mpathix.com, I can't use this DK signature for anything."

What I'd like is some kind of assurance (or ability to specify) that a receiving MTA will check the Resent-From field (or anything else) when matching the d= parameter. Maybe that lays too much of an onus on the receiving MTA, though. But I guess it's the distinction between "failed to validate because I didn't find the d= value in any outer header" and "ignoring DKIM header validation because I didn't find the d= value in any outer header *that I care about*"

Thanks for the responses so far; they've been very helpful.

--
Tim Gokcen
Mpathix - Development
_______________________________________________
dkim-dev mailing list
dkim-dev(_at_)mipassoc(_dot_)org
http://mipassoc.org/mailman/listinfo/dkim-dev