ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] DKIM signature can mean it's safe to generate bounce?

2007-07-06 17:42:53
Steve Atkins wrote:

On Jul 6, 2007, at 5:09 PM, Dave Crocker wrote:

Folks,

I'm not sure whether this fits into SSP or not, since it does not seem to require that a record be published. However...

It seems to me that if a message has a DKIM signature and the signing domain matches the domain in the rfc2821.MailFrom command, then it is safe to generate a bounce message to that address.

By 'safe' I mean that one can be confident that the mail will not go to an unwitting victim of a spoofed address.

Am I missing something?

If the mail is sent by dick(_at_)earthlink(_dot_)net (or a virus on their machine), with an envelope from address of jane(_at_)earthlink(_dot_)net out through the DKIM stamping earthlink smarthost and you generate a bounce, that bounce will go to Jane.
Sure, but at least it's reduced to an intra-domain problem which earthlink
has the capacity to remedy.

      Mike
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html

<Prev in Thread] Current Thread [Next in Thread>