On 02/28/2012 01:11 AM, ned+ietf-smtp(_at_)mrochek(_dot_)com wrote:
And as Randy points
out, a lot of legitimate uses of it run afoul of incompetently designed
security restrictions.
As it happens I was involved in implementing exactly this restriction once.
The chain of logic was like this: 1. We want to sign using DKIM. 2. For
that we need to make sure each outgoing From address is something the
domain owner is happy to sign for. 3. We'll restrict From and the smtp
sender addresses to ones explictly connected to the SASL/Submit user.
The DKIM design isn't incompetent, none of steps 1-3 seem obviously
incompetent. Tell me what I overlooked?
If you goal is to sign absolutely everything you send, I would dispute the
notion that DKIM is actually competent for that. In particular, DKIM fails to
handle the "send on behalf of" case. The proper way to handle that - and it's
widely supported and commonly used - is to put the "on behalf of" address
in the From: and the actual sender's address in the Sender:.
If you want to restrict the addresses people send from and allow this case,
that's actualy pretty easy: Check the Sender: if it is present, and if it
isn't check the From:.
This has nothing to do with multiple from addresses either, although it's
another case where Sender: is required and is the correct address for these
sorts of checks.
Ned