On Thu, May 28, 2009 at 08:23:11AM -0700, Dave CROCKER wrote:
Michael Adkins wrote:
The presence of a header field that is signed does not guarantee that it
was placed there by the signer, merely that it was present when the
message was signed. It therefore does not provide a mechanism for
verifying that the requested destination address is authoritative for
the domain.
Oops. Right. I keep raising the same point about whether contents are
validated by DKIM. Sigh.
So, there's a Pandora's box that this raises, which is how to use DKIM in a
way that has the semantics of claiming that bits of contents are in fact valid?
So the Affiliated Names List could be applied here. That proposal
basically says that if you find an authenticated domain in my DNS,
consider that some sort of relationship exists. Applying that to this:
    FBL-Where-To-Send-Header: fbl@example.net
    DKIM-Signature: ... d=example.com ...
If in example.net's DNS there exists an entry for example.com, then one
can safely assume there is a relationship between the two.
http://mipassoc.org/affil/specs/draft-macdonald-affiliated-nameslist-00-04dc.html
--
Jeff Macdonald
jmacdonald(_at_)e-dialog(_dot_)com
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
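
The check described in the message above, as an added example that is not part of the original thread or of the Affiliated Names List draft: the destination domain, not the signer, is the one that must publish the affiliation, so a signed header pointing at an unrelated domain is rejected. The AFFILIATIONS dict is a constructed stand-in for DNS (the draft's actual record name and type are not modelled), the function names are hypothetical, and the same-domain shortcut is an assumption.

```python
import re

# Constructed stand-in for DNS: publishing domain -> domains it lists as
# affiliated. Here example.net has an entry for example.com, as in the message.
AFFILIATIONS = {"example.net": {"example.com"}}

def dkim_d_tag(sig_value):
    """Return the d= (signing domain) tag of a DKIM-Signature header value."""
    for tag in sig_value.split(";"):
        name, _, value = tag.partition("=")
        if name.strip() == "d":
            # Tag values may contain folding whitespace; drop it.
            return "".join(value.split()).lower() or None
    return None

def address_domain(addr):
    """Return the domain of a bare addr-spec, or None if it is malformed."""
    m = re.fullmatch(r"[^@\s<>]+@([A-Za-z0-9.-]+)", addr.strip())
    return m.group(1).lower().rstrip(".") if m else None

def fbl_destination_allowed(fbl_value, dkim_sig_value, verified,
                            lookup=AFFILIATIONS.get):
    """Decide whether to honour the requested feedback address.

    verified: result of DKIM verification done elsewhere; d= means nothing
    unless the signature actually verified.
    lookup: hypothetical resolver returning the set of domains that the
    given domain publishes as affiliated (None if it publishes nothing).
    """
    if not verified:
        return False
    signer = dkim_d_tag(dkim_sig_value)
    dest = address_domain(fbl_value)
    if not signer or not dest:
        return False
    if dest == signer:  # assumption: a domain is trivially related to itself
        return True
    # The entry must live in the DESTINATION's zone. A signer cannot create
    # the relationship by signing a header that names someone else's domain.
    return signer in (lookup(dest) or set())
```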