Re: [spf-discuss] SPF, DKIM, and NIH
2009-10-12 14:56:22
On Mon, 12 Oct 2009 10:05:24 -0700 (PDT) Michael Deutschmann
<michael(_at_)talamasca(_dot_)ocis(_dot_)net> wrote:
On Mon, 12 Oct 2009, Scott Kitterman wrote:
So I still need to accept the message body to determine if it passed?
Sometimes. Here's the matrix:
SPF EDSP Forwarder Action
---- ---- --------- ------
(any) (any) Yes Accept message
Pass (any) (any) Accept message
Neutral No (any) Accept message
Neutral Yes No Let pass RCPT, accept if signed
Neutral Yes Maybe Let pass RCPT, accept if signed
Fail (any) No Reject at RCPT
Fail No Maybe Accept message (grudgingly...)
Fail Yes Maybe Let pass RCPT, accept if signed
SPF none and softdeny are treated same as neutral. The forwarder column
refers to any other intelligence the recipient has as to whether the
message is from a legitimate forwarder.
EDSP refers to whether the MAIL FROM domain has posted an envelope-dkim
signing policy -- not the presence of a signature, which you don't know
yet.
For the 80 percent of mail that has the same mail from and from domain,
what would be the difference between this and a standard first party
DKIM
signature?
No difference. In fact, since the required d= value for DKIM/ADSP and
Envelope DKIM in this case are identical, the deployment of Envelope DKIM
at a DKIM/ADSP would not change a byte of outgoing messages in this class.
The main advatange of Envelope DKIM is that it protects you from being
suckered into accepting a message on probation because of a DKIM/ADSP
policy on the MAIL FROM: address, only to find that the header From: is
something completely different.
For the remainder, what would be the difference between this and a
standard
3rd party signature?
There's no such thing as a "standard 3rd party signature" at present.
Envelope DKIM might become the first.
This is where I think you go astray. DKIM has no requirement for the "d"
domain and the body from domain to match. So really all you are saying is
check if the domain used in mail from has a DKIM key record? If so, that's
a problem because you need to go to DATA to get the signature to find out
what the selector is.
Scott K
-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/735/=now
RSS Feed: https://www.listbox.com/member/archive/rss/735/
Powered by Listbox: http://www.listbox.com
<Prev in Thread] |
Current Thread |
[Next in Thread>
|
- Re: [spf-discuss] SPF, DKIM, and NIH, (continued)
- Re: [spf-discuss] SPF, DKIM, and NIH, Scott Kitterman
- Re: [spf-discuss] SPF, DKIM, and NIH, Michael Deutschmann
- Re: [spf-discuss] SPF, DKIM, and NIH, Alessandro Vesely
- Re: [spf-discuss] SPF, DKIM, and NIH, Michael Deutschmann
- Re: [spf-discuss] SPF, DKIM, and NIH, Scott Kitterman
- Re: [spf-discuss] SPF, DKIM, and NIH, Michael Deutschmann
- Re: [spf-discuss] SPF, DKIM, and NIH, Scott Kitterman
- Re: [spf-discuss] SPF, DKIM, and NIH, Michael Deutschmann
- Re: [spf-discuss] SPF, DKIM, and NIH, Scott Kitterman
- Re: [spf-discuss] SPF, DKIM, and NIH, Michael Deutschmann
- Re: [spf-discuss] SPF, DKIM, and NIH,
Scott Kitterman <=
- Re: [spf-discuss] SPF, DKIM, and NIH, Michael Deutschmann
- Re: [spf-discuss] SPF, DKIM, and NIH, Hector Santos
- Re: [spf-discuss] SPF, DKIM, and NIH, Stuart D. Gathman
- Re: [spf-discuss] SPF, DKIM, and NIH, Scott Kitterman
- Re: [spf-discuss] SPF, DKIM, and NIH, Ian Eiloart
- Re: [spf-discuss] SPF, DKIM, and NIH, David MacQuigg
- Re: [spf-discuss] SPF, DKIM, and NIH, Alessandro Vesely
- Re: [spf-discuss] SPF, DKIM, and NIH, Ian Eiloart
- Re: [spf-discuss] SPF, DKIM, and NIH, Stuart D. Gathman
- Re: [spf-discuss] SPF, DKIM, and NIH, Ian Eiloart
|
Previous by Date: |
Re: [spf-discuss] SPF, DKIM, and NIH, Michael Deutschmann |
Next by Date: |
Re: [spf-discuss] SPF, DKIM, and NIH, Scott Kitterman |
Previous by Thread: |
Re: [spf-discuss] SPF, DKIM, and NIH, Michael Deutschmann |
Next by Thread: |
Re: [spf-discuss] SPF, DKIM, and NIH, Michael Deutschmann |
Indexes: |
[Date]
[Thread]
[Top]
[All Lists] |
|
|