On Tue, 2 Jul 2013, Alessandro Vesely wrote:
> So, if the bounce they get has text/rfc822-headers only, they [...]

This is getting OT, but you can't even count on getting
text/rfc822-headers in a bounce. I use Exim, a very popular MTA with the
latest stable release just 8 months old, and it doesn't give MIME bounces
*at all*.

But back to EDSP:

I still don't quite see how Return-path:'s special status is such a
problem. I know that it's only generated from the envelope just before
being written to the mailbox, and never appears in the SMTP transaction
itself, and for that reason it cannot be *covered* by the signature. But
it can still determine relevance.

If you were to change the From: field of a message signed to pass
ADSP/DMARC, you would make the signature bogus, and also make it
irrelevant if the new address is in a different domain.

If you change just the MAIL FROM: of a message signed to pass EDSP, you
would make the signature irrelevant but not bogus.

But I don't see how the above difference leads to any practical problem.
I suppose a forwarder or other MITM could change only the left-hand-side
of the MAIL FROM: and "get away with it". But why would they be tempted
to do that?

---- Michael Deutschmann <michael(_at_)talamasca(_dot_)ocis(_dot_)net>
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html