On Tue, Mar 15, 2016 at 4:28 PM, John R Levine <johnl(_at_)taugh(_dot_)com> wrote:

>> Another idea in the opposite direction:
>> A local-part fix up might be to use RFC7508 encrypted headers to repair
>> FROM and SENDER email addresses to their canonical form.
>
> If you mean the canonicalization rules in section 4.3, they're borrowed
> from DKIM and only change white space.

Actually I meant using the encrypt and decrypt functionality of RFC7508
4.6.1 and 4.6.2 to replace the FROM and SENDER headers' contents which are
used for transport with the presented values to be verified and presented
to the recipient. In those sections, the two headers when present are
treated as status modified and replaced with new values.

> It also references RFC 5750 which says that
>
>    Receiving agents MUST check that the address in the
>    From or Sender header of a mail message matches an Internet mail
>    address, if present, in the signer's certificate, if mail addresses
>    are present in the certificate.
>
> but it doesn't say what "matches" means.

It probably would be risky for the validator, which often is remote from
the sender's domain and unfamiliar with their SMTP processing policies, to
fix anything up (excepting IDNA) during comparison without some sort of
instruction from the sender.
ietf-smtp mailing list
smime mailing list