On Tue, 14 Oct 2008 22:24:55 +0100, Murray S. Kucherawy
<msk(_at_)sendmail(_dot_)com>
wrote:
Douglas Otis wrote:
Agreed. However, when a domain attempts to assert control over the
From header field using DKIM and ADSP, they must "pretend" to
authenticate an email-address within the From header field.
I don't think we're talking about any such assertions here. We're only
interested in protecting an Authentication-Results: header added by a
border MTA on inbound mail. Seems like ADSP and even From: are somewhat
irrelevant to this discussion.
Yes, but I think you are missing Doug's point.
It the border MTA-X (re-)signs the message, including the added
Authentication header, then is MUST (according to DKIM) cover the From
header.
Then, if the paranoid recipient MUA-Y wants to check it, and consults
MTA-X's SSP record, he will discover that the signature is "suspicious"
(or whatever the latest euphemism is).
--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131
Web: http://www.cs.man.ac.uk/~chl
Email: chl(_at_)clerew(_dot_)man(_dot_)ac(_dot_)uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html