[ietf-dkim] Practices protocol naming poll (Closing issue 1550)
Steve Atkins
steve at blighty.com
Thu Mar 20 20:31:56 PDT 2008
On Mar 20, 2008, at 8:22 PM, Sandy Wills wrote:
> Dave Crocker wrote:
>>
>> Exactly which value of exactly which field or command are you
>> referring to?
>>
>> And how does your desire relate to the current *SP specification, which
>> explicitly calls for using the value(s) in the rfc2822.From field?
>
> I don't see how we can get a useful check from this header line:
>
> From: Me at AOL.com, You at Hotmail.com, Him at gmail.com, Her at yahoo.com
>
> There's been a lot of bandwidth invested in discussion of which
> address is "right". First? Last? There's no clear best answer, which
> means there's no _right_ answer that can be put in a spec and used. Any
> decision made by us will be capricious and without basis, and will be
> screwed up by the first email user to forget to put his boss's name
> first.
>
> But we may get something useful from:
>
> Sender: Me at AOL.com
>
> which is required if From: has more than one item.
>
> An implementation of SSP can start with a check for Sender: simply
> because if it exists, that's the sender. One test and it's done. Only
> if that check fails would it look at From: and use the
> by-definition-only-one sender found there. In the worst case, it makes
> two tests and it's done.
>
> Looking at From: first seems to be slightly more complicated, to me.
> Look for a From: address, good, look for another. If none, that's it.
> If another found, then throw that away and look for a Sender: address.
> Always at least two looks, and sometimes three.

SSP has one, and only one, reason for existence. That is to
protect the domain displayed to the user in the From: field, as
Dave notes above.

Given that, any discussion of looking at the Sender: field is
pretty pointless.

Were you discussing any other sort of domain protection I'd
likely agree with you that the Sender field is relevant, especially
in the almost unheard of case of multiple entries in the From:
field, but SSP is solely intended to protect the string displayed to
the user. And that's the From field (with a partial exception for an
obscure MUA from Redmond). Looking at Sender: is out of scope.

Cheers,
Steve
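
The two lookup orders debated in this thread, compared on one message. This Python example is added here; it is not part of the original message and is not code from any SSP implementation. The function names and the sample addresses are hypothetical, and it shows which From: domains a Sender:-first check would never look up.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed sample message: the addresses are placeholders, not from the thread.
RAW = """\
From: Boss <boss@bank.example>, Aide <aide@corp.example>
Sender: relay@bulk.example
Subject: quarterly numbers

body
"""
MSG = message_from_string(RAW)


def field_domains(msg, field):
    """Lower-cased, de-duplicated domains of every mailbox in `field`."""
    domains = []
    for _name, addr in getaddresses(msg.get_all(field, [])):
        if "@" in addr:
            dom = addr.rsplit("@", 1)[1].lower()
            if dom not in domains:
                domains.append(dom)
    return domains


def from_first(msg):
    """Domains checked when the From: field value(s) are used."""
    return field_domains(msg, "From")


def sender_first(msg):
    """Order proposed in the quoted text: Sender: if present, else From:."""
    sender = field_domains(msg, "Sender")
    return sender[:1] if sender else field_domains(msg, "From")[:1]


def unchecked_displayed_domains(msg):
    """From: domains that a Sender:-first check would never look up."""
    checked = set(sender_first(msg))
    return [d for d in from_first(msg) if d not in checked]


if __name__ == "__main__":
    print("From: domains:     ", from_first(MSG))
    print("Sender:-first uses:", sender_first(MSG))
    print("Never checked:     ", unchecked_displayed_domains(MSG))
```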