On Jan 21, 2008, at 10:57 AM, Jim Fenton wrote:
> You're reading this a little out of context. This isn't about
> whether the message is legal or not, it's for determining whether
> the Sender address can be used as a "tie breaker" to select among
> multiple From addresses to determine which domain should be used for
> an SSP lookup.
>
> I'm thinking that if we want to be thorough in handling this case
> (and the fact that there have been ~110 messages on this thread,
> despite the fact that it's an exceedingly rare corner case, seems to
> suggest that we do) then SSP lookups should be performed on the
> domain(s) of all address(es) in the From header field, excluding
> those addresses for which there is a valid Author Signature.

Jim,

While RFC 4871 did not impose limits on the number of email-address
domains contained within the From header, it seems dangerous and
unlikely to be supported to suggest all email-addresses fitting within a
From header should be searched for SSP records. Imposing a limit
requires messages with too many email-addresses within the From header
to be considered "SSP non-compliant". Setting a limit would be
incumbent upon SSP to ensure interchange. There must be some level of
email-addresses that are considered compliant. (Of course, indicating
a policy is only established by the first email-address within the
From header avoids this problem.)

The statement "excluding those addresses for which there is a valid
Author Signature" needs to be rephrased. This really depends upon the
definition given "Author Signature" of course. To make this clear,
the statement would be:

    excluding those addresses for which there is a valid
    signature where the d= domain tag is at or above the
    email-address's domain. Signatures using a g= restricted
    key will be considered SSP non-compliant for "strict"
    or "all" when not on behalf of an email-address within
    the From header.

This clarification overcomes yet another corner case where an office
admin within the same domain sends a message on behalf of their
manager. This definition allows the signing domain to both indicate
they sign "all" mail, and accurately indicate which entity introduced
the message. The signature's domain is seen as valid for the From
email-address, while also being on-behalf-of the Sender email-address
within the same domain. The only exception needed would be for g=
restricted keys.

-Doug

_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
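
One reading of the rephrased exclusion rule above, as an added Python example that is not part of the message or of any DKIM/SSP implementation. The function names, the signature dicts with keys `d`, `i` and `g_restricted`, and the sample data are assumptions; signatures are assumed to have been verified already.

```python
from email.utils import getaddresses

def addr_domain(addr):
    """Lower-cased domain of an addr-spec, or None when it has no domain."""
    _, sep, domain = addr.rpartition("@")
    return domain.lower().rstrip(".") if sep and domain else None

def at_or_above(d_tag, domain):
    """True when d= equals the domain or is a parent of it, label by label."""
    d = d_tag.lower().rstrip(".").split(".")
    a = domain.split(".")
    # Comparing whole labels keeps "example.com" from matching "evilexample.com".
    return len(d) <= len(a) and a[-len(d):] == d

def covers(sig, addr):
    """Does one already-verified signature exclude addr from SSP lookup?"""
    domain = addr_domain(addr)
    if domain is None or not at_or_above(sig["d"], domain):
        return False
    if sig.get("g_restricted"):
        # g= restricted key: counts only when signed on behalf of this
        # From address (case-insensitive comparison is a simplification).
        return sig.get("i", "").lower() == addr.lower()
    return True

def ssp_lookup_domains(from_header, valid_sigs):
    """Domains of From addresses that still need an SSP lookup, in order."""
    pending = []
    for _, addr in getaddresses([from_header]):
        domain = addr_domain(addr)
        if domain is None or any(covers(s, addr) for s in valid_sigs):
            continue
        if domain not in pending:
            pending.append(domain)
    return pending

# Constructed sample: the office-admin case, plus a look-alike second author.
FROM = "Manager <boss@eng.example.com>, Other <o@evilexample.com>"
SIGS = [{"d": "example.com", "i": "admin@example.com"}]

if __name__ == "__main__":
    print(ssp_lookup_domains(FROM, SIGS))
```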