Tim Gokcen wrote:
I guess what I'm really trying to ask here is, does DKIM provide a
mechanism to tell the receiving MTA *which* field a particular DKIM
signature is intended to apply to?
DKIM specifies which fields are part of the signature. So I suppose the
question is what you mean by "apply to". From your earlier notes in this
thread, you appear to focus on something akin to authorship.
Well, in the case of our pull-push forwarding system, for example, message
headers might include:
    From: Joe(_at_)originalemail(_dot_)com
    To: Phil(_at_)realrecipient(_dot_)com
    Resent-From: pushpullforwarder(_at_)mpathix(_dot_)com
    DKIM-Signature: h=From:To:Resent-From:<more>, d=mpathix.com, <etc.>
with a signature whose h= value includes at least all three of those header
fields and whose d= value is mpathix.com. To oversimplify things, my problem
is how do I make sure that the receiving MTA will go:
"mpathix.com signature that includes several fields..., oh, look,
Resent-From is from that domain. I'll do a DNS TXT lookup on the selector
(etc.) for mpathix.com and see if it matches this signature...."
Currently, with DomainKeys, Yahoo goes:
"mpathix.com signature that includes several fields.... nope, neither From
nor Sender is from mpathix.com, I can't use this DK signature for anything."
What I'd like is some kind of assurance (or ability to specify) that a
receiving MTA will check the Resent-From field (or anything else) when
matching the d= parameter. Maybe that lays too much of an onus on the
receiving MTA, though. But I guess it's the distinction between "failed to
validate because I didn't find the d= value in any outer header" and
"ignoring DKIM header validation because I didn't find the d= value in any
outer header *that I care about*"
Thanks for the responses so far; they've been very helpful.
--
Tim Gokcen
Mpathix - Development
_______________________________________________
dkim-dev mailing list
dkim-dev(_at_)mipassoc(_dot_)org
http://mipassoc.org/mailman/listinfo/dkim-dev
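The two receiver behaviours contrasted in the message above, as an added example that is not part of the original post or of any DKIM implementation: it parses the h= and d= tags and reports which signed header fields carry an address in the signing domain, under a receiver-chosen list of fields. The sample message, selector, exact-match rule and function names are assumptions constructed for illustration, and no cryptographic verification is performed.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed sample mirroring the headers in the post; s=, bh= and b= are placeholders.
SAMPLE = """\
From: Joe <joe@originalemail.com>
To: Phil <phil@realrecipient.com>
Resent-From: pushpullforwarder@mpathix.com
DKIM-Signature: v=1; a=rsa-sha256; d=mpathix.com; s=sel1;
 h=From:To:Resent-From; bh=PLACEHOLDER; b=PLACEHOLDER

body
"""

def parse_tags(value):
    """Split a DKIM-Signature header value into its tag=value pairs."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, _, val = part.partition("=")
            tags[name.strip()] = "".join(val.split())  # drop folding whitespace
    return tags

def aligned_fields(raw, fields_of_interest):
    """Return the signed header fields whose address domain equals d=.

    fields_of_interest models the receiver's local policy: the header
    fields it is willing to associate with the signing domain.
    Exact domain match is an assumption of this example.
    """
    msg = message_from_string(raw)
    tags = parse_tags(msg["DKIM-Signature"])
    d = tags["d"].lower()
    signed = {h.strip().lower() for h in tags["h"].split(":")}
    hits = []
    for field in fields_of_interest:
        if field.lower() not in signed:
            continue  # a field outside h= is not covered by the signature
        for _, addr in getaddresses(msg.get_all(field, [])):
            if addr.rpartition("@")[2].lower() == d:
                hits.append(field)
    return hits

if __name__ == "__main__":
    print(aligned_fields(SAMPLE, ["From", "Sender"]))                 # From/Sender-only receiver
    print(aligned_fields(SAMPLE, ["From", "Sender", "Resent-From"]))  # receiver that also checks Resent-From
```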