Paul Hoffman wrote:
> At 11:54 AM +0000 1/28/08, Charles Lindsey wrote:
>> I think all you need, as Frank has pointed out, is a security
>> consideration to the effect that
>>
>> "Verifiers should be aware that Bad Guys may attempt to subvert the
>> intentions of SSP by submitting messages that are non-compliant with RFC
>> 2822 (for example by using empty From headers, multiple From headers, etc.
>> {i.e. list a few examples, but not too many }).
> Unfortunately, good guys (fsvo "good") do this too. I think we need to
> add to this by saying that they should be considered SSP unknown, but
> not suspicious or whatever the new phrase that replaces suspicious is.

I agree that the quoted text is a bit too focused on Bad Guys and makes it
sound like any incompliance is likely the result of Bad Behavior when in fact
ignorance - still the most powerful force out there - is a far more likely
cause.

But beyond that, I have to say I'm a bit confounded by the concern for invalid
messages shown here. There are a gazillion ways for messages to be invalid and
attempting to account for them all in our specifications is a practical
impossibility. And yet many members of this group seem to have no problem
blithely ignoring various legitimate protocol features. I find this dichotomy
to be more than a little perplexing.

Ned
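
An added example, not part of the original thread: a minimal check for the From-header cases named in the quoted text (empty From, multiple From), run before any policy lookup. The function names and sample messages are constructed for illustration; how a verifier labels the result is left open, as it is in the discussion above.

```python
from email import message_from_string
from email.utils import getaddresses


def from_header_defects(raw):
    """List the RFC 2822 From-header problems in a raw message (hypothetical helper)."""
    values = message_from_string(raw).get_all("From") or []
    defects = []
    if not values:
        defects.append("missing From")
    if len(values) > 1:
        defects.append("multiple From")
    for value in values:
        if not value.strip():
            defects.append("empty From")
        elif not any("@" in addr for _, addr in getaddresses([value])):
            defects.append("no mailbox in From")
    return defects


def author_domain(raw):
    """Return (domain, defects); domain is None when From cannot be used as-is."""
    defects = from_header_defects(raw)
    if defects:
        # Non-compliance is reported, not judged: the cause may be ignorance.
        return None, defects
    value = message_from_string(raw)["From"]
    addr = next(a for _, a in getaddresses([value]) if "@" in a)
    return addr.rsplit("@", 1)[1].lower(), []


# Constructed sample messages.
SAMPLES = {
    "ok": "Subject: hi\nFrom: Alice <alice@Example.COM>\n\nbody\n",
    "dup": "Subject: hi\nFrom: a@example.com\nFrom: b@example.net\n\nbody\n",
    "empty": "Subject: hi\nFrom:\n\nbody\n",
    "missing": "Subject: hi\n\nbody\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, author_domain(raw))
```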