ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] ADSP takes DNS down, film(_at_)11

2008-06-28 03:04:17
MH Michael Hammer (5304) wrote:

Bad actors pick whatever PRA, 2822-From, HELO, or MAIL FROM
suits them.  It's the job of v=spf1, spf2.0/pra, or ADSP to
defeat that.
 
And spf2.0/pra fails to do that. The requirement to set PRA
to the sender field if a proper one exists bypasses the SPF
record intentions of the domain represented in the RFC2822
From field email address.

They picked "Sender ID" as name for their idea, originally it
was "Caller ID", but never "Author Domain ID".  In a certain
sense RFC 4407 is compatible with 2822(upd) Resent-*, and it
protects a Purportable Responsilbe Address, not the author(s).

It is rather trivial to game PRA to get a neutral for any
particular piece of "bad" email. 

Yes, and it won't surprise you that I don't like spf2.0/pra,
putting it very mildly.  But two proposals to remove Resent-*
from the picture got no traction in the 2822upd discussions.

But what does this have to do with DKIM and ADSP other
than the suggestion at an earlier point in the process to
use the sender field?

Better ask Doug.  I can see Resent-* as obstacle, PRA took it
as given, ADSP ignores it, RFC 5016 section 4.3 mentions it.

 Frank

_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html