[ietf-dkim] Issue #1534: Applying SSP to sub-domains does not work
dotis at mail-abuse.org
Wed Mar 19 15:30:52 PDT 2008
On Mar 19, 2008, at 10:17 AM, Jim Fenton wrote:
> Hector Santos wrote:
>> You need to throw way the whole idea of mandating an MX. MX is
>> for OUTGOING mail. DKIM is for IMCOMING mail.
> We agree on this. Sorry if my long-winded explanation of why
> doesn't make that clear.
While email-addresses carried within a message aren't necessarily
related to SMTP, the impetuous for DKIM is to deal with spoofing of
publicly transmitted messages over SMTP. While only MailFrom is
required to be compatible with SMTP, the From is not. However,
development of the DKIM policy should clarify it pertains to messages
sharing SMTP destinations. Any originating email-address is only
valid when the transport is able to carry the message to its
destination. In the case of SMTP, this requires publishing discovery
records, which currently are MX, and A records.
>> MA applies to the x821.MailFrom domain period. Attempting to tie
>> to the the 2822.FROM is arkward and the proposed solution is
>> isolated to a few systems that believe they have a total solution
>> for the world.
> That's another good reason that hadn't occurred to me.
This is a good reason to specify the scope of the policy. What other
transports operating independently from SMTP will make use of DKIM
ADSP policy records? Once those attempting to discover policy are
able to understand the policy only relates to SMTP sources and
destinations, then and only then can discovery records play a role in
validating the domain. If there is to be any hope in defending the
DKIM process, determination of a valid domain is likely to be
essential. As abuse increases, this aspect of the SMTP protocol
becomes increasing critical.
More information about the ietf-dkim