ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] DKIM signature can mean it's safe to generate bounce?

2007-07-06 18:04:38


Michael Thomas wrote:
If the mail is sent by dick(_at_)earthlink(_dot_)net (or a virus on their machine), with an envelope from address of jane(_at_)earthlink(_dot_)net out through the DKIM stamping earthlink smarthost and you generate a bounce, that bounce will go to Jane.
Sure, but at least it's reduced to an intra-domain problem which earthlink
has the capacity to remedy.

I probably should have commented on this in my first reply to Steve:

Originating sites are not currently expected to validate return addresses. The scheme I've suggested means that the return address is, in fact, validated.

How can a potential bounce generator know whether this particular message has a validated return address? Note that the mere presence of a DKIM signature does not guarantee this particular validation issue.

That's why the SSP-type record might be necessary.

d/

--

  Dave Crocker
  Brandenburg InternetWorking
  bbiw.net
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html

<Prev in Thread] Current Thread [Next in Thread>