Great!
Now I have to wait for the payload to decide if the return path is valid.
Wonderful!
---
HLS
----- Original Message -----
From: "Douglas Otis" <dotis(_at_)mail-abuse(_dot_)org>
To: "John C Klensin" <john+smtp(_at_)jck(_dot_)com>
Cc: "John Leslie" <john(_at_)jlc(_dot_)net>; "Frank Ellermann"
<nobody(_at_)xyzzy(_dot_)claranet(_dot_)de>; <ietf-smtp(_at_)imc(_dot_)org>
Sent: Monday, October 30, 2006 5:57 PM
Subject: Re: Anything else on the content?
One more note supporting the concept of a mechanism for associating
domains:
A DKIM signing-domain should relate to the sending entity to be useful at
reducing abuse. The entity held accountable by their IP address should
receive relevant abuse feedback validated by the DKIM signature. Thus
the DKIM signature may typically not match the 2822.From or the
2821.MailFrom where an association mechanism can be used instead. As a
DKIM signature can be replayed, DoS protections are found by an
association of the SMTP Client with the DKIM signature. Messages where
the SMTP-Client/Signing-domain && Signing- domain/MailFrom can not be
associated, then acceptance should be on a limited basis. The limitation
could be rate limiting for example. An association mechanism also
removes any need for private keys or DNS zones to be exchanged between
domains.
-Doug