Hector Santos wrote:
> Right. Does this add "signer" reputation weight for the injected
> 5322.From?
Probably not. AFAICT mipassoc.org doesn't verify DKIM sigs on list
messages, and even if it did, a verified DKIM sig (such as one created by
the original author of the message) doesn't tell anything about the
legitimacy of the use of the From identity.
> Personally, -1 on suggesting a h=from:from, because you are assuming
> that operators are actually defining a h= tag. If it's blank, it
> falls back to the semantics written - use the LAST header found.
No. h= must not be empty. The spec explicitly forbids this.
Cf. http://tools.ietf.org/html/rfc4871#page-20
| h= [...]
| This list MUST NOT be empty. [...]
As for a possible change in RFC 4871bis, if you look at page 41 of
4871bis-01 (page 36 in RFC 4871), it already has this nice little note:
| INFORMATIVE NOTE: A header field name need only be listed once
| more than the actual number of that header field in a message at
| the time of signing in order to prevent any further additions.
| For example, if there is a single Comments header field at the
| time of signing, listing Comments twice in the "h=" tag is
| sufficient to prevent any number of Comments header fields from
| being appended; it is not necessary (but is legal) to list
| Comments three or more times in the "h=" tag.
I suggest replacing "Comments" with "From". That should solve the
problem.
-Julian
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
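
The rule in the informative note quoted above, applied to From, as an added example that is not part of the original message: a simplified model of which header instances an h= list binds, showing that listing From once leaves an added From unnoticed while listing it twice does not. The function names and the sample message are constructed for illustration; canonicalization and hashing are left out.

```python
from collections import Counter

def signed_view(headers, h_tag):
    """Header values a verifier hashes for this h= list (RFC 4871 sec. 5.4).

    headers: (name, value) pairs in top-to-bottom message order.
    Each name in h= consumes the lowest unused instance of that field;
    a name with no instance left contributes an empty value.
    Simplified model: canonicalization and hashing are left out.
    """
    remaining = {}
    for idx, (name, _) in enumerate(headers):
        remaining.setdefault(name.lower(), []).append(idx)
    view = []
    for name in (n.strip().lower() for n in h_tag.split(":")):
        stack = remaining.get(name, [])
        view.append((name, headers[stack.pop()][1] if stack else ""))
    return view

def survives_added_header(headers, h_tag, extra):
    """True if a field added on top after signing leaves the signed view
    unchanged, i.e. the signature would still verify."""
    return signed_view(headers, h_tag) == signed_view([extra] + headers, h_tag)

def under_signed_fields(headers, h_tag):
    """Names in h= listed no more often than the field occurs."""
    listed = Counter(n.strip().lower() for n in h_tag.split(":"))
    present = Counter(name.lower() for name, _ in headers)
    return sorted(n for n, c in listed.items() if c <= present[n])

# Constructed sample message (hypothetical addresses).
MSG = [("Received", "from mail.example.org"),
       ("From", "alice@example.org"),
       ("To", "list@example.net"),
       ("Subject", "hello")]
EXTRA_FROM = ("From", "someone-else@example.net")

if __name__ == "__main__":
    for h in ("from:to:subject", "from:from:to:subject"):
        print(h, "| added From goes unnoticed:",
              survives_added_header(MSG, h, EXTRA_FROM),
              "| listed too few times:", under_signed_fields(MSG, h))
```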