spf-discuss

Re: Authentication Headers

2005-05-10 03:50:36
On Mon, May 09, 2005 at 04:19:17PM -0700, David MacQuigg wrote:
> At 05:46 PM 5/9/2005 -0400, Mark Shewmaker wrote:
>
> > Since if you trust your incoming mail server you can always trust
> > top-most authentication results in example A but not in B, IMHO it makes
> > sense as a blanket rule for MTAs to always add their authentication
> > headers so they appear above their added Received: header.
>
> Don't we have the same fundamental problem drawing the line of trust at a
> Received header?

No, because you can always trust the topmost received line of your trusted
incoming mail servers.

All proper mail servers add a topmost received line, but not all proper
mail servers add a topmost authentication header, so without additional
user-side configuration or other information outside the content of the
mail message itself, the only things MUAs can in all cases trust are
things in and above the topmost received header.

-- 
Mark Shewmaker
mark(_at_)primefactor(_dot_)com
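
The rule argued for in the message above, as an added example that is not part of the original post: an MUA-side check that accepts authentication headers only when they sit above the topmost Received: line written by the trusted incoming server. The header names, the `trusted_auth_headers` helper, the host names and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string

# Assumed header names; the thread only speaks of "authentication headers".
AUTH_HEADERS = {"authentication-results", "received-spf"}

def trusted_auth_headers(raw_message, trusted_mta):
    """Return (name, value) auth headers found above the topmost Received:
    header, but only if that Received: line was added by trusted_mta."""
    above = []
    for name, value in message_from_string(raw_message).items():
        lname = name.lower()
        if lname == "received":
            # The topmost Received: marks the trust boundary; stop here.
            m = re.search(r"\bby\s+([^\s;]+)", value)
            by_host = m.group(1).lower() if m else ""
            return above if by_host == trusted_mta.lower() else []
        if lname in AUTH_HEADERS:
            above.append((name, " ".join(value.split())))
    return []  # no Received: header, so there is nothing to anchor trust to

# Constructed sample: result header added above the trusted MTA's Received:.
SAMPLE_ABOVE = (
    "Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=example.org\n"
    "Received: from out.example.org (out.example.org [192.0.2.10])\n"
    "\tby mx.example.net with ESMTP; Tue, 10 May 2005 03:50:00 -0400\n"
    "From: alice@example.org\n"
    "Subject: hello\n"
    "\n"
    "body\n"
)

# Constructed sample: a sender-supplied result header, which ends up below
# the Received: line that mx.example.net prepends on delivery.
SAMPLE_BELOW = (
    "Received: from unknown (unknown [198.51.100.7])\n"
    "\tby mx.example.net with ESMTP; Tue, 10 May 2005 03:51:00 -0400\n"
    "Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=example.org\n"
    "From: alice@example.org\n"
    "Subject: hello\n"
    "\n"
    "body\n"
)

if __name__ == "__main__":
    print(trusted_auth_headers(SAMPLE_ABOVE, "mx.example.net"))
    print(trusted_auth_headers(SAMPLE_BELOW, "mx.example.net"))
```

The check fails closed: a message with no Received: header, or whose topmost Received: names a different host, yields no trusted results.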

