Tony Hansen wrote:
In section 9.2, an A-R is shown that does not do any authentication.
Therefore, there is no verified identity and the headerspec
header(_dot_)from=sender(_at_)example(_dot_)com should not be shown. It hasn't
been verified.
Fixed.
In sections 9.3, it shows an MTA adding an A-R header based on auth. I'm
sorry, but this is an impossible case. Authentication is done when the
message is submitted, not by the receiving MTA. These will almost
*never* be the same server. Also, it is specified with an smtp.mail
headerspec, which is wrong for auth, which should be using smtp.auth
instead of smtp.mail.
It's possible to send a message to a user on the same server and have the client
authenticate using SMTP AUTH. So although it may be uncommon in the Internet
universe, it's not completely invalid.
Either way, I'll rework the examples.
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html