[Top] [All Lists]

Re: [ietf-smtp] RFC2821bis discussion of DKIM and SPF (was Re: Error in RFC 5321 concerning SPF and DKIM)

2014-07-21 13:34:12

On Jul 21, 2014, at 10:44 AM, S Moonesamy <sm+ietf(_at_)elandsys(_dot_)com> 

Hi Dave,
At 06:59 21-07-2014, Dave Crocker wrote:


The sentence is factually incorrect, about basic matters of SPF and
DKIM, and these matters are commonly misrepresented and understood.

In other words, the fact that an IETF standards track document is
mischaracterizing important bits of technology is problematic to a
meaningful level.

It is one sentence and it starts with "Recent work" and provides two 
Informative references.  There were significant issues with those bits of 
technologies.  RFC 5321 does not say anything about that.
Recent work, such as that on SPF [29] and DKIM [30] [31] has been done to 
provide ways to ascertain that an address is valid or belongs to the person who 
actually sent the message.

This statement needs to be read where 'address' only means email-address 
(local-part@domain). In normal practice however, validation only assesses the 
domain component.  Local-part validation should be deprecated, especially where 
privacy is concerned.  We should be ultra-sensitive about making ownership 

Recent work, such as that on SPF [29] and DKIM [30] [31] was done to provide 
ways to ascertain whether an associated domain validate specific message 

Douglas Otis

ietf-smtp mailing list

<Prev in Thread] Current Thread [Next in Thread>