Fwd: Re: [ietf-dkim] Re: from'less 2822 messages
Hector Santos
hsantos at santronics.com
Mon Jan 28 09:36:39 PST 2008
Paul Hoffman wrote:
> At 11:54 AM +0000 1/28/08, Charles Lindsey wrote:
>> I think all you need, as Frank has pointed out, is a security
>> consideration to the effect that
>>
>> "Verifiers should be aware that Bad Guys may attempt to subvert the
>> intentions of SSP by submitting messages that are non-compliant with RFC
>> 2822 (for example by using empty From headers, multiple From headers, etc.
>> {i.e. list a few examples, but not too many }).
>
> That seems like a good resolution to this long thread.

+1, non-compliant messages are immediately rejected. It has nothing to
do with SSP or DKIM or anything else.

The first rule of thumb is protocol compliance. DKIM cannot be based
on allowing subjective *external* reputation concepts to trump or allow
faulty messages to pass *any* standard compliance test.

--
Sincerely
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com
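
An added example, not part of the original message or of the DKIM/SSP specifications: a pre-verification gate that applies the rule discussed in this thread, rejecting messages whose header counts violate RFC 2822 section 3.6 before any DKIM or SSP evaluation. It goes beyond the From cases named in the thread by also covering the other single-occurrence fields; the function name and the sample messages are constructed for illustration.

```python
from email import message_from_bytes
from email.policy import compat32
from email.utils import getaddresses

# RFC 2822 section 3.6 occurrence limits: field -> (min, max).
LIMITS = {
    "date": (1, 1), "from": (1, 1),
    "sender": (0, 1), "reply-to": (0, 1), "to": (0, 1), "cc": (0, 1),
    "bcc": (0, 1), "message-id": (0, 1), "in-reply-to": (0, 1),
    "references": (0, 1), "subject": (0, 1),
}


def compliance_errors(raw: bytes) -> list[str]:
    """Return header-count violations; an empty list means the message
    may proceed to DKIM/SSP checks. (Hypothetical helper name.)"""
    # compat32 keeps duplicate headers as-is instead of normalising them.
    msg = message_from_bytes(raw, policy=compat32)
    errors = []
    for name, (lo, hi) in LIMITS.items():
        count = len(msg.get_all(name, []))
        if count < lo:
            errors.append(f"missing {name}")
        elif count > hi:
            errors.append(f"multiple {name}")
    # A single From field that carries no mailbox is the "empty From" case.
    froms = msg.get_all("from", [])
    if len(froms) == 1:
        if not [a for _, a in getaddresses(froms) if "@" in a]:
            errors.append("empty from")
    return errors


# Constructed sample messages (not taken from the thread).
DATE = b"Date: Mon, 28 Jan 2008 09:36:39 -0800\r\n"
GOOD = DATE + b"From: alice@example.com\r\nSubject: hi\r\n\r\nbody\r\n"
NO_FROM = DATE + b"Subject: hi\r\n\r\nbody\r\n"
EMPTY_FROM = DATE + b"From:\r\nSubject: hi\r\n\r\nbody\r\n"
TWO_FROM = DATE + (b"From: alice@example.com\r\n"
                   b"From: bob@example.net\r\n\r\nbody\r\n")

if __name__ == "__main__":
    for label, raw in [("good", GOOD), ("no from", NO_FROM),
                       ("empty from", EMPTY_FROM), ("two from", TWO_FROM)]:
        print(label, "->", compliance_errors(raw) or "pass")
```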