
Re: [Asrg] where the message originated

2009-01-12 15:51:32
I'm curious when you say ADSP is always keyed off the real live From address? 
You talk about the From: and not the Mail From: (Return-path)?

As a side note, all this SSP/ADSP processing looks like a black box (or black 
magic) to me. There are no recommended practices and no one explains what they do 
to filter mail. Like in the statement "AOL will use DKIM to do build reputation 
based on domain", what does it mean?

We know well about SpamAssassin, DNSBL, DCC but this is about it. I thought 
security by obscurity was a bad idea? ;)

----- Original Message -----
From: "Michael Thomas" <mike(_at_)mtcc(_dot_)com>
To: "Anti-Spam Research Group - IRTF" <asrg(_at_)irtf(_dot_)org>
Cc: dcrocker(_at_)bbiw(_dot_)net
Sent: Tuesday, 13 January, 2009 8:24:24 AM (GMT+1200) Auto-Detected
Subject: Re: [Asrg] where the message originated

Franck Martin wrote:
I have run a series of tests, where I sign a message (sent by me) but with 
only the Return-path containing my domain (DKIM does not sign the return-path 
as recommended in the spec).

I used the DKIM reflectors on www.dkim.org

and the assessment I got was: neutral (none of the signed field contain the 
domain of the signer).

as if it is wrong.

I think it should be a pass. I fear that many people that verify DKIM make 
the same mistake.

   Note that this is not about DKIM but about SSP/ADSP and Authentication-Results.
   I believe that the SSP/ADSP result should be neutral, but that the DKIM
   result is "pass". A lot of the reflectors haven't been updated for quite a
   while, and the earlier drafts of Auth-Res didn't make a distinction between
   DKIM and SSP/ADSP. So, true to form, differing implementations did differing
   things in the face of the ambiguity.


I'm thinking of adding an X-header that will contain my domain and sign it 
via DKIM and see if the reflectors are happier.

   I _think_ that my reflector does the right thing in that it separates out the
   dkim results from the ssp results, but I'm pretty sure that it's out of date
   wrt both the new auth-res draft and the adsp draft.

   In either case, an X-header isn't going to change anything. The ADSP part is
   always keyed off of the real live From address.

                Mike
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg
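
The distinction discussed in this thread (a DKIM "pass" reported separately from the ADSP author-domain check, which looks only at the From address), as an added example that is not part of the original messages. The sample message, the `example.*` domains, the `X-Signer-Domain` header and the function names are constructed for illustration; `verified_domains` stands in for the output of a real DKIM verifier, and the exact-match comparison follows the author domain signature definition in RFC 5617.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed sample: signed by example.net; Return-Path and an X- header carry
# the signer's domain, but the From (author) address is in example.org.
SAMPLE = (
    "Return-Path: <bounce@example.net>\n"
    "DKIM-Signature: v=1; a=rsa-sha256; d=Example.NET; s=sel1;\n"
    " h=from:to:subject:x-signer-domain; bh=PLACEHOLDER; b=PLACEHOLDER\n"
    "X-Signer-Domain: example.net\n"
    "From: Author <author@example.org>\n"
    "To: list@example.com\n"
    "Subject: test\n"
    "\n"
    "body\n"
)

def signature_tags(value):
    """Split a DKIM-Signature value into its tag=value pairs."""
    tags = {}
    for item in value.split(";"):
        name, sep, val = item.partition("=")
        if sep:
            tags[name.strip()] = "".join(val.split())  # drop folding whitespace
    return tags

def evaluate(raw, verified_domains):
    """Report the DKIM result and the author-domain check as separate facts.

    verified_domains: d= values a real DKIM verifier reported as valid
    (assumed input; no cryptographic check happens here).
    """
    msg = message_from_string(raw)
    verified = {d.lower() for d in verified_domains}
    signers = {signature_tags(v).get("d", "").lower()
               for v in msg.get_all("DKIM-Signature", [])}
    valid_signers = signers & verified
    # Only the From header is consulted; Return-Path and X- headers are ignored.
    authors = {addr.rpartition("@")[2].lower()
               for _, addr in getaddresses(msg.get_all("From", [])) if "@" in addr}
    return {
        "dkim_pass": bool(valid_signers),
        "author_domain_signature": bool(valid_signers & authors),
        "from_domains": sorted(authors),
    }

if __name__ == "__main__":
    print(evaluate(SAMPLE, {"example.net"}))
```

When `author_domain_signature` is false, the receiver still has a valid DKIM signature to work with; what ADSP says about the message then depends on the record published by the From domain, not on the signer.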