[ietf-dkim] ISSUE 1525 -- combine Arvel's, Doug's,
and John's ideas (?)
Frank Ellermann
nobody at xyzzy.claranet.de
Fri Jan 18 23:53:37 PST 2008
Douglas Otis wrote:
> There is a domain within the signature that should
> be used to assess compliance. What prevents a valid
> signature of the From domain from allowing a message
> to comply with "all" or "strict"?
The most interesting case for SSP is "no signature".
For my unconvincing "toss a coin" list (Message-ID or
first author or Reply-To) it's of course possible to
add "use any signature for a domain in From addresses"
to figure out a relevant domain for SSP.
But that only works if there is a corresponding DKIM
signature, when it's not really necessary to test SSP.
Or do I miss something obvious in your proposal ? We
could pick John's proposal where Arvel's idea doesn't
work, just look at all domains in From addresses, for
legit mail it's rare. That needs some "SSP processing
limits" for malicious mails (not as badly as for SPF).
Frank
More information about the ietf-dkim
mailing list