[ietf-dkim] DKIM signature can mean it's safe to generate bounce?
Michael Thomas
mike at mtcc.com
Fri Jul 6 17:36:35 PDT 2007
Steve Atkins wrote:
>
> On Jul 6, 2007, at 5:09 PM, Dave Crocker wrote:
>
>> Folks,
>>
>> I'm not sure whether this fits into SSP or not, since it does not
>> seem to require that a record be published. However...
>>
>> It seems to me that if a message has a DKIM signature and the signing
>> domain matches the domain in the rfc2821.MailFrom command, then it is
>> safe to generate a bounce message to that address.
>>
>> By 'safe' I mean that one can be confident that the mail will not go
>> to an unwitting victim of a spoofed address.
>>
>> Am I missing something?
>
> If the mail is sent by dick at earthlink.net (or a virus on their
> machine), with an envelope from address of jane at earthlink.net out
> through the DKIM stamping earthlink smarthost and you generate a
> bounce, that bounce will go to Jane.
Sure, but at least it's reduced to an intra-domain problem which earthlink
has the capacity to remedy.
Mike
More information about the ietf-dkim
mailing list