Douglas Otis wrote:
The sender-auth draft provides a mechanism for use when ADSP records
are discovered, the From header field can be captured within an
Authentication-Results header. The purpose of the Authentication-
Results header is to convey to MUAs the results of various message
"authentication" checks. Because the Author-Signature definition
limits what is allowed within a compliant DKIM signature, neither
ADSP, Sender-ID, or SPF can properly be described as providing an
authentication of the From header field, PRA, or the MAILFROM email-
address respectively. The Author-Signature definition prevents a
complaint signature "on-behalf-of" value from indicating a From
header field has not been authenticated.
I'm afraid I'm missing how the definition of Author-Signature, which is
a property of the ADSP specification, alters what SPF or Sender-ID can
claim.
In addition, the path registration process of Sender-ID and SPF only
authorize an SMTP client. An authorized SMTP client will not safely
convey an assurance that the corresponding email-address was
authenticated to represent the author or even being a valid use of the
email-address.
A consumer of the data presented in this header field would be expected
to understand what an SPF "pass" or Sender-ID "pass" actually implies
before acting on it. There's text covering that in the draft already as
well, in the "Header Position and Interpretation" section.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html