John L wrote:
On second thought, wouldn't the MX for an address *be* a border MTA
and thus part of the intended recipient's administrative domain?
Yeah. That's the place where the message hops from the senders's
network to the recipient's network.
An intermediate MX could do any authentication it wants, but any A-R
header it adds is not desirable by the receiving domain anyway.
Sorry, that's just wrong. My wife has an address at cornell.edu which
forwards to an address here. Since I know the path that the mail takes
from Cornell to here, if Cornell added a header and the message arrived
via the known path, their header would be quite useful even though the
message subsequently made an MX hop to get here. Ditto for my addresses
at acm.org, ieee.org, etc. For SPF and other path authentication, an
A-R from the previous MX would be greatly preferable to the alternative
of parsing Received: headers.
Can I suggest that we not use MX? It's got a very specific meaning in
the email architecture, and I don't think that auth-res requires it have
any linkage to the actual hosts listed in an MX record. The draft's
use of the term seems to imply that there is, and I don't think that's
the intent.
Mike
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html