[ietf-dkim] DKIM signature can mean it's safe to generate bounce?
Douglas Otis
dotis at mail-abuse.org
Fri Jul 6 17:24:18 PDT 2007
On Jul 6, 2007, at 5:09 PM, Dave Crocker wrote:
> Folks,
>
> I'm not sure whether this fits into SSP or not, since it does not
> seem to require that a record be published. However...
>
> It seems to me that if a message has a DKIM signature and the
> signing domain matches the domain in the rfc2821.MailFrom command,
> then it is safe to generate a bounce message to that address.
>
> By 'safe' I mean that one can be confident that the mail will not
> go to an unwitting victim of a spoofed address.
>
> Am I missing something?
I made the same point in the tpa-ssp draft. The domain within
rfc2821.MailFrom does not need to be within the signing domain, when
the signing domain and scope are authorized by the MailFrom domain.
One should presume that this is conditional upon the message signature
being valid.
-Doug
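
The check discussed in this thread, as an added example that is not part of either message: a bounce decision taken from already-verified DKIM results and the SMTP MAIL FROM reverse-path. It assumes "matches" means exact, case-insensitive domain equality; DkimResult, bounce_is_safe and the authorized_signers mapping (standing in for the authorization by the MailFrom domain mentioned in the reply) are hypothetical names, and how such authorization is published is not shown here.

```python
from typing import Iterable, Mapping, NamedTuple, Optional, Set


class DkimResult(NamedTuple):
    """Outcome of verifying one DKIM-Signature header (supplied by a verifier)."""
    signing_domain: str  # value of the d= tag
    valid: bool          # True only if the signature verified


def reverse_path_domain(mail_from: str) -> Optional[str]:
    """Return the lower-cased domain of a MAIL FROM reverse-path, or None."""
    addr = mail_from.strip().strip("<>")
    if "@" not in addr:  # null reverse-path "<>" or malformed address
        return None
    return addr.rsplit("@", 1)[1].rstrip(".").lower()


def bounce_is_safe(
    mail_from: str,
    results: Iterable[DkimResult],
    authorized_signers: Optional[Mapping[str, Set[str]]] = None,
) -> bool:
    """True if a valid signature vouches for the MAIL FROM domain.

    authorized_signers (hypothetical) maps a MailFrom domain to the signing
    domains it has authorized; without it only an exact match counts.
    """
    domain = reverse_path_domain(mail_from)
    if domain is None:
        return False  # a null reverse-path must never receive a bounce
    allowed = {domain}
    allowed |= {s.lower() for s in (authorized_signers or {}).get(domain, ())}
    # An invalid signature proves nothing, so only verified ones are considered.
    return any(
        r.valid and r.signing_domain.rstrip(".").lower() in allowed
        for r in results
    )


if __name__ == "__main__":
    # Constructed sample input: one verified signature from example.com.
    verified = [DkimResult("example.com", True)]
    for sender in ("<alice@example.com>", "<alice@victim.example>", "<>"):
        print(sender, bounce_is_safe(sender, verified))
```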