[ietf-dkim] marketing dkim

John R. Levine johnl at iecc.com
Fri Aug 20 19:47:11 PDT 2010


> So, assuming you can determine a caring provider, then ask them to be
> careful about 822.From rather than ask them to invent and insert some
> other user identifiable token.

It's fairly difficult to validate From lines when you have users with 
catchall domains, since they can use any address in their domain.

On a system like Yahoo, it makes perfect sense to lock down what the
users can do, since your users are all strangers and when someone wants
to do something unusual, you have to assume it's malicious until proven
otherwise.

On small systems like mine or my ISP, the management has a reasonably good 
idea who the users are, they rarely misbehave, and they have all sorts of 
funky setups with domains, web servers, scripts, or whatever, and there 
aren't throwaway accounts. I have no idea what addresses my users are 
allowed to use, but I add enough stuff to audit the mail in case of 
questions rather than trying to pre-validate anything that might appear on 
the From line.

R's,
John