We're obviously talking past each other, but let's see if we have
consensus that
the draft doesn't make a recommendation to strip or not at all. It's a
local policy
decision at it's root so I don't see we should try to be any more heroic.
Mike
John L wrote:
The point I'm trying to make is that net-nanny like pronouncements of
MUST/SHOULD NOT are pointless if an admin thinks some part of their
population is going to be fooled by it: they'll just ignore it and
strip away.
Admins do stupid things every day. We all agree about that.
I fear you're suffering from a rather severe failure of imagination.
Anybody who picks up mail from more than one mailbox, which is a whole
lot of people these days, is going to have to check that an AR header
arrived via an appropriate path before believing it. Otherwise there's
an obvious attack if one path manages AR headers and the other one
doesn't. Ditto people who forward an address on system A to system B,
if A does AR and B doesn't. Once you're checking the path, it's a
trivial amount of extra work to check another hop or two and look at
AR's added farther away.
If you want to strip off potentially useful AR headers, nobody can
keep you from doing that, but don't pretend you're doing your users a
favor when you do.
R's,
John
PS: I get a lot of mail where the From: header is forged. Perhaps
just to be safe I should strip all of them, too.
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html