John Levine wrote:
> The last paragraph in section 1.3 on page 5 says that the
> authentication happens at a border MTA or delivery MTA. That's not
> really right. Some tests only make sense at specific MTAs, e.g., AUTH
> happens at the injection MTA, and SPF and Sender-ID happen at the
> border MX.
>
> I would change it to say that the sender authentication reports for
> path-sensitive methods should only be added at the points where those
> methods make sense, and SHOULD NOT be added elsewhere.

I'm not sure I totally agree with this. If for example the border MTA
elects to encapsulate the SMTP client information in an additional
header field or some such, an internal MTA could later carry out the
SPF/Sender-ID test. By that logic, any of the tests we know about could
be done anywhere as long as all the required data are somehow available.

Granted SHOULD/SHOULD NOT doesn't make this illegal, but I'm not sure
it's necessarily something we should actively discourage either.

Can the MUA not make a judgement about the "makes sense" question on its
own if that's actually an issue?
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html