Dave Crocker wrote:
Hector Santos wrote:
HS> If it is *mandatory* for MTA to add the network control header Received: why
HS> it is not possible to use this as part the "chain of trust" separately or
the field is often forged. there must be some way to know that it
hasn't been.
Take a look at the recent archives of the ASRG Filtering subgroup. There's
been a great deal of discussion about this exact issue, although with a
slightly different bent, namely verifying that a second 'tag' header was
added at or after a certain point in the chain.
At any rate, I think that's out of scope for this group, unless you want to
test that the prior MTA in the chain added a proper (syntactically,
semantically correct) Received header, likely with some association between
and/or among the domains named in those headers. I think that's a silly
approach for this group.
Philip Miller