Re: [spf-discuss] SPF, DKIM, and NIH
2009-10-12 20:45:07
On Mon, 12 Oct 2009, Scott Kitterman wrote:
This is where I think you go astray. DKIM has no requirement for the "d"
domain and the body from domain to match. So really all you are saying is
DKIM doesn't. DKIM/ADSP does, although signatures with "wrong" d= are
ignored rather than considered errors -- a fact my proposal counts on.
DKIM was built to allow for third-party signatures, but at present there is
no standard way to indicate that signatures other than that for the From:
domain *are required*. That's what I want to fix.
check if the domain used in mail from has a DKIM key record? If so, that's
a problem because you need to go to DATA to get the signature to find out
what the selector is.
No, at MAIL FROM: time you check whether the SPF record has a flag
indicating an envelope signing policy (such as my "fm=dkim" suggestion).
If the flag is set, you know, before seeing the DATA yourself, that either
the message will have a valid signature with d= matching the Return-path:,
or it is forged.
The test is more expensive than SPF, but when supported it is more accurate,
since it is as immune as DKIM/ADSP to the forwarder problem.
And remember, if SPF returns fail *and* you are sure the message is
not a forward, you are still allowed to reject the message without ever
looking at the DATA.
---- Michael Deutschmann <michael(_at_)talamasca(_dot_)ocis(_dot_)net>
-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/735/=now
RSS Feed: https://www.listbox.com/member/archive/rss/735/
Powered by Listbox: http://www.listbox.com
<Prev in Thread] |
Current Thread |
[Next in Thread>
|
- Re: [spf-discuss] SPF, DKIM, and NIH, (continued)
- Re: [spf-discuss] SPF, DKIM, and NIH, Michael Deutschmann
- Re: [spf-discuss] SPF, DKIM, and NIH, Alessandro Vesely
- Re: [spf-discuss] SPF, DKIM, and NIH, Michael Deutschmann
- Re: [spf-discuss] SPF, DKIM, and NIH, Scott Kitterman
- Re: [spf-discuss] SPF, DKIM, and NIH, Michael Deutschmann
- Re: [spf-discuss] SPF, DKIM, and NIH, Scott Kitterman
- Re: [spf-discuss] SPF, DKIM, and NIH, Michael Deutschmann
- Re: [spf-discuss] SPF, DKIM, and NIH, Scott Kitterman
- Re: [spf-discuss] SPF, DKIM, and NIH, Michael Deutschmann
- Re: [spf-discuss] SPF, DKIM, and NIH, Scott Kitterman
- Re: [spf-discuss] SPF, DKIM, and NIH,
Michael Deutschmann <=
- Re: [spf-discuss] SPF, DKIM, and NIH, Hector Santos
- Re: [spf-discuss] SPF, DKIM, and NIH, Stuart D. Gathman
- Re: [spf-discuss] SPF, DKIM, and NIH, Scott Kitterman
- Re: [spf-discuss] SPF, DKIM, and NIH, Ian Eiloart
- Re: [spf-discuss] SPF, DKIM, and NIH, David MacQuigg
- Re: [spf-discuss] SPF, DKIM, and NIH, Alessandro Vesely
- Re: [spf-discuss] SPF, DKIM, and NIH, Ian Eiloart
- Re: [spf-discuss] SPF, DKIM, and NIH, Stuart D. Gathman
- Re: [spf-discuss] SPF, DKIM, and NIH, Ian Eiloart
- Re: [spf-discuss] SPF, DKIM, and NIH, Stuart D. Gathman
|
Previous by Date: |
Re: [spf-discuss] SPF, DKIM, and NIH, Scott Kitterman |
Next by Date: |
Re: [spf-discuss] SPF, DKIM, and NIH, Ian Eiloart |
Previous by Thread: |
Re: [spf-discuss] SPF, DKIM, and NIH, Scott Kitterman |
Next by Thread: |
Re: [spf-discuss] SPF, DKIM, and NIH, Hector Santos |
Indexes: |
[Date]
[Thread]
[Top]
[All Lists] |
|
|