mail-vet-discuss
[Top] [All Lists]

Re: [mail-vet-discuss] New draft for review

2007-05-31 17:44:02
John Levine wrote:

I think it would be better to say that the header should usually be
added by the MX for an address, since that's the only point where you
can check path authentication like SPF and Sender-ID.  For content
authentication like DK and DKIM, you can do it anywhere you want, so I
don't see any reason to tell people not to.

On second thought, wouldn't the MX for an address *be* a border MTA and thus part of the intended recipient's administrative domain?

An intermediate MX could do any authentication it wants, but any A-R header it adds is not desirable by the receiving domain anyway.

So how about I just change that MUST NOT to a SHOULD NOT? There's nothing there that says an intermediate MX can't do the authentication, but if that mail gets all the way to the intended recipient then the recipient/verifier inside the final trust domain doesn't really care what the middle guys thought; it's going to do its own checks.
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
<Prev in Thread] Current Thread [Next in Thread>