I'm curious when you say ADSP is always keyed of the real live From address?
You talk about the From: and not the Mail From: (Return-path)?
as a side note, all this SSP/ADSP processing looks like a blackbox (or black
magic) to me. There is no recommended practices and no one explain what they do
to filter mail. like in the statement "AOL will use DKIM to do build reputation
based on domain", what does it mean?
We know well about spamassassin, DNSBL, DCC but this is about it. I thought
security by obscurity was a bad idea? ;)
----- Original Message -----
From: "Michael Thomas" <mike(_at_)mtcc(_dot_)com>
To: "Anti-Spam Research Group - IRTF" <asrg(_at_)irtf(_dot_)org>
Cc: dcrocker(_at_)bbiw(_dot_)net
Sent: Tuesday, 13 January, 2009 8:24:24 AM (GMT+1200) Auto-Detected
Subject: Re: [Asrg] where the message originated
Franck Martin wrote:
I have run a series of tests, where I sign a message (sent by me) but with
only the Return-path containing my domain (DKIM does not sign the return-path
as recommended in the spec).
I used the DKIM reflectors on www.dkim.org
and the assessment I got was: neutral (none of the signed field contain the
domain of the signer).
like if it is wrong.
I think it should be a pass. I fear that many people that verify DKIM make
the same mistake.
Note that this not about DKIM but about SSP/ADSP and Authentication-Results.
I believe that the SSP/ADSP result should be neutral, but that the DKIM
result is "pass". A lot of the reflectors haven't been updated for quite a
while, and the earlier drafts of Auth-Res didn't make a distinction between
DKIM and SSP/ADSP. So, true to form, differing implementations did differing
things in the face of the ambiguity.
I'm thinking of adding an X-header that will contain my domain and sign it
via DKIM and see if the reflectors are happier.
I _think_ that my reflector does the right thing in that it separates out the
dkim results from the ssp results, but I'm pretty sure that it's out of date
wrt both the new auth-res draft and the adsp draft.
In either case, an X-header isn't going to change anything. The ADSP part is
always keyed of of the real live From address.
Mike
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg