SM wrote:
An MTA compliant with this specification MUST add this header (after
performing one or more sender authentication tests) to indicate at
which host the test was done, which test got applied and what the
result was. If an MTA applies more than one such test, it MUST
either add this header once per test, or one header indicating
all of
the results. An MTA MUST NOT add a result to an existing header.
An MTA compliant with this specification MUST add this header to
indicate the host which performed the authentication tests, the
authentication methods tested and the results of the tests. If more
than one test is done, the MTA MUST either add this header once per
test or add one header to convey all the results. An MTA MUST NOT
add the result to an existing header.
I don't understand the reason for this restriction, and I understand
even less how you expect it to be enforced. Consider this:
border(spf)->mta(dkim)->delivery
why should it be illegal for the middle mta to add the dkim results
to the existing upstream auth-res? Does it cause some sort of security
problem? Or any other kind of problem? The only kind of security problem
I can see is if it added it to an _untrusted_ auth-res, but that would
be pretty silly.
Mike
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html