[mail-vet-discuss] Auth-Results issues? #2 headerspec

Arvel Hathcock arvel.hathcock at altn.com
Tue Mar 28 11:42:57 PST 2006


 > It's unclear how multiple methods are to be combined together into a
 > single header; what happens with the "headerspec" value? If you wanted
 > to put in an A-R header saying that the message passed CSV, SIDF, SPF
 > and DKIM, how would those be combined? Each of those could and
 > possibly should have totally different values for headerspec.
 > Each of those could and possibly should have totally different values
 > for headerspec. Messages often have multiple identities that are
 > confirmed differently by the various authentication methods. CSV can
 > identify the relay hostname. SIDF can identify the
 > rfc822.sender/from/etc. SPF can identify the smtp.from hostname. DKIM
 > can identify the sender's hostname. Which one goes into the
 > headerspec?

Yes, this is an issue that's been brought up several times.  Currently, 
if the headerspec needs to change you have to create multiple AR headers 
IIRC.  I'd prefer an approach where the headerspec and the methods that 
were used with it were grouped together somehow and we could do this in 
a single header.

 > make it subordinate to the method=result. In other words, the
 > headerspec should be supporting information to what was validated, not
 > the other way around.

Could you provide a sample of how one of those headers might look?  I 
think I'm on the same page with you but want to see one to make sure.

 > In the samples, some authors have punted and just put in a
 > "header.from" value,

That's because some things don't have a corrolation to anything in the 
envelope or headers as you've said.  For example, how to you 
'headerspec' the DKIM identity that was verified?

-- 
Arvel





More information about the mail-vet-discuss mailing list