Charles Lindsey wrote:
On Wed, 25 Mar 2009 11:28:52 -0000, Hector Santos
<hsantos(_at_)santronics(_dot_)com> wrote:
- eBay and PayPal: signs non-existent Resent-From, preventing resending
Another case of BLIND signing! Read the freaking specs!!
Not necessarily. Signing a non-existent header is a valid way of
preventing it being added subsequently, and maybe that is what you want
(e.g. in this case if the mail is "for original recipient's eyes only").
Not that Ebay and Paypal were necessarily trying to do that, although
they are the sort of organisations that just might want to do it in
specific situations.
Good point Charles.
I guess I can see benefits of signing a non-existing header with the
intent to preempt some downlink injection. But only from the
standpoint of the intent to force a failure handling process, i.e.,
eBay, PayPal and entities of the like do not expect these failures to
be ignored. A possible example is Reply-To. They might not want a
Reply-To and will rely on From: for any user feedback. So they sign
a non-existing Reply-To, thus preventing any replays with an injected
Reply-To for MUAs to use.
I can see that.
--
Sincerely
Hector Santos
http://www.santronics.com
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
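
The effect discussed in this thread, as an added example (not code from either poster or from any DKIM implementation): the Python below applies the RFC 6376 header selection rule, where a name listed in h= with no matching field contributes the null string, and compares the header hash input before and after a field is injected. The addresses and header sets are constructed samples; the RSA signature and the DKIM-Signature field's own contribution to the hash are left out so that only header selection is compared.

```python
import hashlib

def relaxed(name, value):
    # RFC 6376 section 3.4.2 "relaxed" header canonicalization:
    # lowercase the name, collapse whitespace runs, trim the value.
    return f"{name.lower().strip()}:{' '.join(value.split())}\r\n"

def header_hash_input(headers, h_list):
    """Select fields per RFC 6376 section 5.4.2: for each name in h=,
    take the next unused instance counting from the bottom of the header
    block; a name with no remaining instance contributes nothing."""
    remaining = list(headers)          # (name, value) pairs, top to bottom
    out = []
    for wanted in h_list:
        for i in range(len(remaining) - 1, -1, -1):
            if remaining[i][0].lower() == wanted.lower():
                out.append(relaxed(*remaining.pop(i)))
                break
        # no match: the field is signed as absent (null string)
    return "".join(out)

def header_digest(headers, h_list):
    # Simplification: the real hash also covers the DKIM-Signature field.
    return hashlib.sha256(header_hash_input(headers, h_list).encode()).hexdigest()

# Constructed sample message headers (not taken from real mail).
ORIGINAL = [("From", "service@example.com"),
            ("To", "user@example.net"),
            ("Subject", "Your receipt")]
# Constructed tampered copies: a field prepended after signing.
WITH_REPLY_TO = [("Reply-To", "someone@example.org")] + ORIGINAL
WITH_SECOND_FROM = [("From", "other@example.org")] + ORIGINAL

def survives(h_list, tampered):
    """True if the tampered copy hashes the same as the original,
    i.e. the added field would go unnoticed by a verifier."""
    return header_digest(ORIGINAL, h_list) == header_digest(tampered, h_list)

if __name__ == "__main__":
    for h in (["from", "subject"], ["from", "subject", "reply-to"]):
        print(h, "injected Reply-To unnoticed:", survives(h, WITH_REPLY_TO))
    for h in (["from"], ["from", "from"]):
        print(h, "second From unnoticed:", survives(h, WITH_SECOND_FROM))
```

Listing a name once more than it occurs covers the absent instance, which is why h=from:from detects a second From while h=from does not.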