[ietf-dkim] DKIM on envelope level
Rolf E. Sonneveld
R.E.Sonneveld at sonnection.nl
Mon Nov 2 14:06:20 PST 2009
Eliot Lear wrote:
> On 11/2/09 12:20 PM, Ian Eiloart wrote:
>> --On 30 October 2009 19:52:54 +0100 Eliot Lear <lear at cisco.com> wrote:
>>> I can't say, but I do know that many of us toss a whole lot of mail at
>>> EHLO, some at MAIL FROM:<> and some at DATA. The idea I was thinking
>>> about was whether it provides any value whatsoever to at least know that
>>> you are authentically dealing with a legitimate source sooner, without
>>> having to send even a whole header.
>> Yes it would help, but probably not more than an SPF pass would help.
>> What do you get from that? Well, you can check the reputation of the
>> MAIL FROM address.
> Well now we're quibbling about how to check the MAIL FROM address. I'm
> still interested in an end-to-end approach. SPF doesn't give you
> end-to-end. A legitimate intermediate could have been compromised, for
> instance. MAIL FROM *does* change for mailing lists, of course, but
> then they should re-sign anyway.
Well, on the envelope level there's not much that carries over from end
to end, is there? The only thing that comes to mind is the MAIL FROM
itself (with the remark made by Eliot, see above) and the use of DKIM in
combination with something like BATV. This has been discussed before,
see for example the thread "BATV pseudo-Last Call", e.g.
http://www.imc.org/ietf-smtp/mail-archive/msg04856.html. I'm not sure
about any definitive conclusions within that thread, maybe someone who
participated in that thread can summarize.
> Of course, I'm still not sure this is
> worth the effort to fix because SPF could be Just Good Enough for the
> 1st pass, and then DKIM can be used on the body.
I'm not convinced SPF is good enough for the 1st pass.
More information about the ietf-dkim