ietf-mxcomp
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Request discussion about using SUBMITTER (together with new Submitted-By RFC 2822 header) as basis for futher work

2004-09-13 07:45:13
from [Stephane Bortzmeyer] [Permanent Link] 

On Mon, Sep 13, 2004 at 06:38:39AM -0700,
 william(at)elan.net <william(_at_)elan(_dot_)net> wrote 
 a message of 76 lines which said:


I request formal discussion on possibility of replacing current
SenderID/PRA proposal with one that is based primarily on the
extended Submitter draft with additional extension that would
involve new Submitted-By RFC2822 header.


I agree with the idea but, to be sure we understand each other, may I
add some details? Tell me if I am on the right track.
 

If there was reintroduction of email (such as mail list or
forwarder), then this mail list of forwarder is such responsible
party and it is supposed to add Submitted-By header (it may also add
Resent-From or Sender headers if appropriate just like they do now)


Do note that, in the pure forwarding case (use of Unix .forward), no
header is added by sendmail and a custom header is added by Postfix
(unlike what -core says in 7.2). Seeing the discussions about
"forwarding" (a very loose word here and not really clearer in RFC
2822), it would be better to specify it.


For verification of email by means of SPF protocol, the SUBMITTER
scope would be used and clients that support it would be required to
base their decision based on either SUBMITTER parameter of MAIL or
based on the Submitted-By header if is top-most header in the
email. If it is not top-most header, then client SHOULD find the
first Submitted-By header


First in message order, meaning last in time order.


and attempt to verify that. If it passes,
everything is good,


Do not forget that the client MUST check that SUBMITTER agrees with
Submitted-by.


The results of the verification are to be reported using
"Authentication-Results:" header as to be defined further and based
on the draft-kucherawy-sender-auth-header-00.txt. If this header is
present (and MUA believes it was added by known MTA entity), then
MUA program SHOULD display the Submitted-By header and inform the
end-user that it has been verified. Otherwise, MUAs programs MAY
display the first found Submitted-By header but MUST then inform
user that it has not been verified.


The MUA MAY does its own SenderID check on the submitted-By header it
found.
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: SPF abused by spammers, Alan DeKok
Next by Date:  Re: Request discussion about using SUBMITTER (together with new Submitted-By RFC 2822 header) as basis for futher work, william(at)elan.net
Previous by Thread:  Request discussion about using SUBMITTER (together with new Submitted-By RFC 2822 header) as basis for futher work, william(at)elan.net
Next by Thread:  Re: Request discussion about using SUBMITTER (together with new Submitted-By RFC 2822 header) as basis for futher work, william(at)elan.net
Indexes:  [Date] [Thread] [Top] [All Lists]