On Feb 14, 2006, at 2:17 PM, Hector Santos wrote:
Verifying the HELO would be analogous to checking a wax seal on an
envelope.

First, "Wax Seals" are user based and optional. The HELO Client
Domain Names (CDN) are not.

A verifiable HELO is optional.

Second, the HELO CDN would be more analogous to the postal service
postmarks indicating the time of processing, postal office,
location, etc., that handled the processing and delivery of the parcel.

Verification of the HELO in conjunction with an association to the
signing-domain is a means to discern the integrity of the message
envelope. Both the HELO and signing-domain are not related to a
third-party identification akin to that of a post-office postmark.
The trust established by DKIM is for the prefatory domain,
independent of the message envelope or any email-address. A
verified HELO associated with the signing-domain provides an
assurance the message envelope has been obtained first-hand, and thus
has not been altered (analogous to the wax seal).

The realistic fact is most people don't bother to look at it, or if
they did, probably couldn't make heads or tails of the
information. It is extremely close, if not exactly equivalent, to
how worthless the SMTP client domain name has become today.

A DKIM signature increases the value of a verified HELO, and
conversely, a verified HELO increases the value of a DKIM signature.
Delayed acceptance as a practical strategy might also offer
motivation for ensuring the HELO can be verified and associated with
a signing-domain.

To put trust behind it (HELO), it would be akin to having the same
trust when using registered or certified mail. Without it,
having the postmarks won't tell you how many "hands" outside the
postal service touched the letter.

An association of the HELO with that of the signing-domain indicates
the message envelope is being obtained first hand. The HELO is not
analogous to that of a postmark; the received header added by a
recipient would provide a better comparison to that of a postmark.

-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://dkim.org/ietf-list-rules.html