ietf-dkim
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [ietf-dkim] Practices protocol naming poll (Closing issue 1550)

2008-03-20 20:34:08
from [Steve Atkins] [Permanent Link] 

On Mar 20, 2008, at 8:22 PM, Sandy Wills wrote:

Dave Crocker wrote:


Exactly which value of exactly which field or command are you  
referring to?

And how does your desire related to the current *SP specification,  
which
explicitly calls for using the value(s) in the rfc2822.From field?


I don't see how we can get a useful check from this header line:

From: Me(_at_)AOL(_dot_)com, You(_at_)Hotmail(_dot_)com, 
Him(_at_)gmail(_dot_)com, Her(_at_)yahoo(_dot_)com

  There's been a lot of bandwidth invested in discussion of which
address is "right".  First?  Last?  There's no clear best answer,  
which
means there's no _right_ answer that can be put in a spec and used.   
Any
decision made by us will be capricious and without basis, and will be
screwed up by the first email user to forget to put his boss's name  
first.

But we may get something useful from:

Sender: Me(_at_)AOL(_dot_)com

which is required if From: has more than one item.

  An implementation of SSP can start with a check for Sender: simply
because if it exists, that's the sender.  One test and it's done.   
Only
if that check fails would it look at From: and use the
by-definition-only-one sender found there.  In the worst case, it  
makes
two tests and it's done.
  Looking at From: first seems to be slightly more complicated, to me.
 Look for a From: address, good, look for another.  If none, that's  
it.
 If another found, then throw that away and look for a Sender:  
address.
 Always at least two looks, and sometimes three.


SSP has one, and only one, reason for existence. That is to
protect the domain displayed to the user in the From: field, as
Dave notes above.

Given that, any discussion of looking at the Sender: field is
pretty pointless.

Were you discussing any other sort of domain protection I'd
likely agree with you that the Sender field is relevant, especially
in the almost unheard of case of multiple entries in the From:
field, but SSP is solely intended to protect the string displayed to
the user. And that's the From field (with a partial exception for an
obscure MUA from Redmond). Looking at Sender: is out of scope.

Cheers,
   Steve

_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [ietf-dkim] Practices protocol naming poll (Closing issue 1550), Sandy Wills
Next by Date:  Re: [ietf-dkim] Practices protocol naming poll (Closing issue 1550), Dave Crocker
Previous by Thread:  Re: [ietf-dkim] Practices protocol naming poll (Closing issue 1550), Sandy Wills
Next by Thread:  Re: [ietf-dkim] Practices protocol naming poll (Closing issue 1550), Dave Crocker
Indexes:  [Date] [Thread] [Top] [All Lists]