--On Wednesday, August 17, 2011 17:23 +0000 John Levine
<johnl(_at_)taugh(_dot_)com> wrote:
How does the 'discard' action of RFC5617 (DKIM ADSP) fit into
this picture? Although RFC5321 and RFC5617 operate on
different protocol layers, in real life the two are often
intertwined by way of MTA milter callouts during SMTP DATA
phase.
For people who choose to implement ADSP (and you know how I
feel about that), I think it's fair to say that it operates at
a layer above SMTP.
Please also note that 5321 says, very explicitly, that a server
may make all sorts of exceptions to a close reading of the rules
to protect itself from attacks. I'm not going to quote the
section number again -- the authors of several entries in this
long thread need to go back and read that spec again. If one
views DKIM with ADSP as a necessary attack-prevention mechanism,
provisions of 5321 that seem contradictory are irrelevant.
john