On Mon, May 09, 2005 at 02:10:33PM -0700, David MacQuigg wrote:
> I also
> don't like the confusion with the order of headers. It seems to me that
> headers should be prepended in exactly the order that the events
> occur. Authentication first, then Received header.

But you can only trust the opposite, so it seems to me as if that is
what you should always do, if technically possible.

Here's my reasoning:

If my MUA always trusts the most recent MTA's claims by default, then
when it sees a piece of email starting with example A:

    Return-Path
    Authentication-Results:
    Received:

then it can know that the most recent MTA added that Authentication-Results:
line, and trust the info there.

However, if it sees example B:

    Return-Path
    Received:
    Authentication-Results:
    Received: (forging MTA)

Then it can't tell the difference between:

    The authentication header being placed by the forging MTA

and

    The authentication header being placed in this order by the latest MTA

Since if you trust your incoming mail server you can always trust
top-most authentication results in example A but not in B, IMHO it makes
sense as a blanket rule for MTAs to always add their authentication
headers so they appear above their added Received: header.

--
Mark Shewmaker
mark(_at_)primefactor(_dot_)com
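
Added example, not part of the original message: a receiver-side check for the rule argued above, accepting Authentication-Results: only when it sits above the topmost Received: header. The function name, host names and sample messages are constructed for illustration, and it assumes the trusted incoming MTA follows the proposed ordering.

```python
from email import message_from_string

# Constructed sample messages mirroring examples A and B; host names,
# addresses and result values are made up for illustration.
EXAMPLE_A = """\
Return-Path: <sender@example.org>
Authentication-Results: mx.example.net; spf=pass
Received: from relay.example.org by mx.example.net
Subject: test

body
"""

EXAMPLE_B = """\
Return-Path: <sender@example.org>
Received: from relay.example.org by mx.example.net
Authentication-Results: mx.example.net; spf=pass
Received: from client.example.com by relay.example.org
Subject: test

body
"""


def trusted_auth_results(raw_message):
    """Return the Authentication-Results values that sit above the topmost
    Received: header, the only position attributable to the newest MTA."""
    found = []
    for name, value in message_from_string(raw_message).items():
        name = name.lower()
        if name == "received":
            return found  # anything further down has ambiguous origin
        if name == "authentication-results":
            found.append(" ".join(value.split()))
    # Assumption: a message with no Received: header never passed through
    # the trusted MTA, so nothing in it is trusted.
    return []


if __name__ == "__main__":
    print("A:", trusted_auth_results(EXAMPLE_A))
    print("B:", trusted_auth_results(EXAMPLE_B))
```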