[ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"
dotis at mail-abuse.org
Wed May 4 00:57:09 PDT 2011
On 5/3/11 4:25 PM, Murray S. Kucherawy wrote:
> I might even go so far as to say returning that From: field is dangerous since it is not confirmed by anything, so DKIM (which is an authentication protocol) returning data that can't be validated, even if it was signed, is quite possibly asking for trouble.
This is a remarkable statement. DKIM's verification of the signing
domain provides a basis upon which contents of the message may be
trusted. That trust most certainly includes the important From header
field. In fact, only the From header field MUST be included in the DKIM
signature. As such, clearly defining what constitutes the From header
field IS important.
More information about the ietf-dkim