spf-discuss
[Top] [All Lists]

Re: [spf-discuss] SPF, DKIM, and NIH

2009-10-06 23:17:07
On Tue, 6 Oct 2009, Michael Deutschmann wrote:

If I understand DKIM correctly, DKIM validators are to ignore DKIM
signatures that sign what, to them, is the "wrong" identity.  So, there
should be no obstacle to mailservers double-signing a message when the
envelope MAIL FROM: and the header From: are not the same.

Since only a simple flag is needed, it would make sense to piggyback
this on SPF records with a special modifier.  (Such as the "fm=dkim"
from my original senderside forwarder mitigation proposal...)

This can't be verified until the entire message is received.  While
using DKIM to validate Return-Path is a good idea, it is not SPF,
and is not an SMTP envelope time protocol.  You should take it up
with the DKIM folks.  It should be just a matter of adding a new 
signed identity to the DKIM header.

As to "NIH", it is not so much that as hoping "traditional" forwarding will
become inconvenient enough to die away like open relays.  It took a long
time for legit admins to realize that open relays had been rendered useless by
the abuse of spammers.  The same thing has happened to
traditional forwarding, but not everyone has realized it yet.

-- 
              Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
    Business Management Systems Inc.  Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flammis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.


-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/735/=now
RSS Feed: https://www.listbox.com/member/archive/rss/735/
Powered by Listbox: http://www.listbox.com

<Prev in Thread] Current Thread [Next in Thread>