At 17:05 14-08-2007, Murray S. Kucherawy wrote:
I'm not sure I totally agree with this. If for example the border
MTA elects to encapsulate the SMTP client information in an
additional header field or some such, an internal MTA could later
carry out the SPF/Sender-ID test. By that logic, any of the tests
we know about could be done anywhere as long as all the required
data are somehow available.
It all comes down to which headers to trust. Conceptually, if you
are going to trust the Authentication-Results: header, we could also
trust a header that conveys SMTP information.
Can the MUA not make a judgement about the "makes sense" question on
its own if that's actually an issue?
What "makes sense" to me may not make sense to you as you may have a
better understanding of the issues involved. I would prefer the MUA
not to make a judgement call about that especially when it is
operating in an environment prone to malware.
Regards,
-sm
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html