RE: [mail-vet-discuss] Re: Auth-Results issues? #7 section 4.1

I receive a message  that purports to be from myself at an edge mta, I
am going to drop it not process it.

Any removal of a header that is obviously falseflagged introduces a
security risk, not reducing such risk. At most a flag -This header is
bogus would be more useful.
Thanks,

Bill Oxley 
Messaging Engineer 
Cox Communications, Inc. 
Alpharetta GA 
404-847-6397 
bill(_dot_)oxley(_at_)cox(_dot_)com 

-----Original Message-----
From: mail-vet-discuss-bounces(_at_)mipassoc(_dot_)org
[mailto:mail-vet-discuss-bounces(_at_)mipassoc(_dot_)org] On Behalf Of SM
Sent: Friday, April 28, 2006 12:40 AM
To: mail-vet-discuss(_at_)mipassoc(_dot_)org
Subject: Re: [mail-vet-discuss] Re: Auth-Results issues? #7 section 4.1

Hi Murray,
At 12:43 27-04-2006, Murray S. Kucherawy wrote:
In section 4:

"For security reasons, an MTA SHOULD remove ..."


Shouldn't that be:

"For security reasons, an MTA MUST remove any discovered instance"

The draft mentions "If an MTA applies any authentication test, it 
MUST add this header" and the removal should be a MUST as well.

Modified text for Section 4:

    For security reasons, an MTA MUST remove any discovered instance of
    this header for which the "hostname" is its own, i.e. headers which
    claim to be from the MTA but were added before the mail arrived at
    the MTA for processing.  A border MTA MAY also delete any discovered
    instance of this header which claims to have been added within its
    trust boundary.  For example, a border MTA at mx.example.com MUST
    delete any instance of this header claiming to come from mx.exam-
    ple.com and MAY delete any instance of this header claiming to come
    from any host in example.com prior to adding its own headers.  This
    applies in both directions so that hosts outside the domain cannot
    claim results MUAs inside the domain might trust.

Regards,
-sm 

_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html 

_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html

<Prev in Thread]	Current Thread	[Next in Thread>
[mail-vet-discuss] Re: Auth-Results issues? #7 section 4.1, Murray S. Kucherawy Re: [mail-vet-discuss] Re: Auth-Results issues? #7 section 4.1, Tony Hansen Re: [mail-vet-discuss] Re: Auth-Results issues? #7 section 4.1, SM Re: [mail-vet-discuss] Re: Auth-Results issues? #7 section 4.1, Murray S. Kucherawy Re: [mail-vet-discuss] Re: Auth-Results issues? #7 section 4.1, J.D. Falk [mail-vet-discuss] Re: Auth-Results issues? #7 section 4.1, Murray S. Kucherawy Re: [mail-vet-discuss] Re: Auth-Results issues? #7 section 4.1, Tony Hansen Re: [mail-vet-discuss] Re: Auth-Results issues? #7 section 4.1, SM RE: [mail-vet-discuss] Re: Auth-Results issues? #7 section 4.1, Bill.Oxley <=

Previous by Date:	Re: [mail-vet-discuss] Re: Auth-Results issues? #7 section 4.1, SM
Next by Date:	Re: [mail-vet-discuss] Re: Auth-Results issues? #7 section 4.1, Murray S. Kucherawy
Previous by Thread:	Re: [mail-vet-discuss] Re: Auth-Results issues? #7 section 4.1, SM
Next by Thread:	Re: [mail-vet-discuss] Auth-Results issues? #11 section 9 examples, Murray S. Kucherawy
Indexes:	[Date] [Thread] [Top] [All Lists]