[ietf-dkim] General Feedback loop using DKIM

Jeff Macdonald jmacdonald at e-dialog.com
Thu May 28 12:01:43 PDT 2009


On Thu, May 28, 2009 at 08:23:11AM -0700, Dave CROCKER wrote:
>
>Michael Adkins wrote:
>> The presence of a header field that is signed does not guarantee that it
>> was placed there by the signer, merely that it was present when the
>> message was signed.   It therefore does not provide a mechanism for
>> verifying that the requested destination address is authoritative for
>> the domain.
>
>Oops. Right.  I keep raising the same point about whether contents are validated 
>by DKIM.  Sigh.
>
>So, there's a Pandora's box that this raises, which is how to use DKIM in a way 
>that has the semantics of claiming that bits of contents are in fact valid?

So the Affiliated Names List could be applied here. That proposal
basically says that if you find an authenticated domain in my DNS,
consider that some sort of relationship exists. Applying that to this:

FBL-Where-To-Send-Header: fbl at example.net
DKIM-Signature: ... d=example.com ...

If in example.net's DNS there exists an entry for example.com, then one
can safely assume there is a relationship between the two.

http://mipassoc.org/affil/specs/draft-macdonald-affiliated-nameslist-00-04dc.html


-- 
Jeff Macdonald
jmacdonald at e-dialog.com
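
The check proposed in the message above, as an added example that is not part of the original post or of the Affiliated Names List draft. The `affiliated` lookup and its in-memory table are hypothetical stand-ins for the DNS query (the record format is not given here), the sample message is constructed, and DKIM verification itself is assumed to be done by a real verifier.

```python
from email import message_from_string
from email.utils import parseaddr

FBL_HEADER = "FBL-Where-To-Send-Header"  # header name as written in the message
# Constructed stand-in for DNS: zone -> names it publishes an entry for.
AFFIL = {"example.net": {"example.com"}}

def affiliated(zone, name):
    """Hypothetical lookup: does `zone` publish an affiliation entry for `name`?"""
    return name in AFFIL.get(zone, set())

def dkim_tags(value):
    """Split a DKIM-Signature value into tag=value pairs, dropping folding whitespace."""
    tags = {}
    for part in value.split(";"):
        key, sep, val = part.partition("=")
        if sep:
            tags[key.strip()] = "".join(val.split())
    return tags

def fbl_destination(raw, dkim_verified, lookup=affiliated):
    """Return the FBL address only if its domain vouches for the signing domain."""
    if not dkim_verified:  # result of a real DKIM verifier, assumed done elsewhere
        return None
    msg = message_from_string(raw)
    sigs = msg.get_all("DKIM-Signature") or []
    dests = msg.get_all(FBL_HEADER) or []
    if len(sigs) != 1 or len(dests) != 1:
        return None  # ambiguous: which signature or destination is meant?
    tags = dkim_tags(sigs[0])
    signer = tags.get("d", "").lower()
    signed = tags.get("h", "").lower().split(":")
    if not signer or FBL_HEADER.lower() not in signed:
        return None  # header not covered by the signature at all
    addr = parseaddr(dests[0])[1]
    local, sep, dest_domain = addr.rpartition("@")
    if not (local and sep and dest_domain):
        return None
    # Signed only proves presence at signing time; ask the destination's own zone.
    return addr if lookup(dest_domain.lower(), signer) else None

# Constructed sample message (signature values are placeholders).
SAMPLE = (
    "DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel;\n"
    " h=from:fbl-where-to-send-header; bh=PLACEHOLDER; b=PLACEHOLDER\n"
    "From: news@example.com\n"
    "FBL-Where-To-Send-Header: fbl@example.net\n\nbody\n"
)
```

A destination whose zone has no entry for the signing domain is rejected even though the header is covered by a valid signature, which is the gap Michael Adkins points out in the quoted text.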


