[ietf-dkim] DKIM on envelope level
lear at cisco.com
Mon Nov 2 04:45:05 PST 2009
On 11/2/09 12:20 PM, Ian Eiloart wrote:
> --On 30 October 2009 19:52:54 +0100 Eliot Lear <lear at cisco.com> wrote:
>> I can't say, but I do know that many of us toss a whole lot of mail at
>> EHLO, some at MAIL FROM:<> and some at DATA. The idea I was thinking
>> about was whether it provides any value whatsoever to at least know that
>> you are authentically dealing with a legitimate source sooner, without
>> having to send even a whole header.
> Yes it would help, but probably not more than an SPF pass would help.
> What do you get from that? Well, you can check the reputation of the
> MAIL FROM address.
Well now we're quibbling about how to check the MAIL FROM address. I'm
still interested in an end-to-end approach. SPF doesn't give you
end-to-end. A legitimate intermediate could have been compromised, for
instance. MAIL FROM *does* change for mailing lists, of course, but
then they should re-sign anyway. Of course, I'm still not sure this is
worth the effort to fix because SPF could be Just Good Enough for the
1st pass, and then DKIM can be used on the body. Same argument seems to
apply to STARTTLS, although I would imagine that the latter has more of
a hit on the CPU.
More information about the ietf-dkim