[ietf-dkim] Re: SSP and Sender header field
nobody at xyzzy.claranet.de
Wed Oct 26 12:51:40 PDT 2005
Earl Hood wrote:

> IMHO any design and policy decisions that rely on particular
> MUA rendering behaviors are a mistake.

+1. Besides, some "popular" MUAs (on the wrong side of 2049 ;-)
show the Sender. Maybe it's ambiguous, but not obscure.

> a signer can bind to Sender, From, Resent-Sender, etc.

IMHO it's impossible to improve PRA, and PRA isn't good enough.
Impossible from a DKIM POV (= independent of SMTP Mail From),
and ignoring all "solutions" based on worldwide upgrades.

> Mailing lists that change the Sender can bind their signature
> to it, independent of what is in the From and avoiding any
> restrictions on From's SSP.

Okay. I'd say that lists _changing_ 2822 header fields are
at best utterly dubious, and that DKIM shouldn't waste too much
time with broken list software. Why not simply promise to sign
the List-ID in the SSP of the list?

If you're talking about lists with their own SSP. But I don't
see how that could help if a bad actor claims to be a list, and
to send mail "from" ebay. Somehow the SSP of ebay must be able
to say "lie" no matter what the phisher-disguised-as-list does.