[mail-vet-discuss] Auth-Results issues? #2 headerspec

Arvel Hathcock arvel.hathcock at altn.com
Tue Mar 28 12:15:05 PST 2006


 > Here is an example of an A-R header with multiple results combined
 > together:
 >
 >     Authentication-Results: example.com;
 > 	dkim=pass header+body=foo.example.org (comments);
 > 	spf=fail (comments);
 > 	csv=pass smtp.ehlo=foo.example.org (comments);
 > 	sidf=pass body.sender=user at foo.example.org (comments)
 >
 > Note how the headerspec varies with the method and its results reflect
 > both: 1) what was used to do the tests, and 2) the identity that was
 > verified.

I strongly support a change along that line.  This is clean and easy to 
understand; documents all the AR work done by hostname in a single 
header which I love.

 > 3) Make the headerspec property an optional value to be specified by
 > the registration specifics for a given authentication method. So
 > whatever document is used to define how A-R is used by dkim would also
 > specify what value should go here. Not all authentication methods will
 > need a property.
 >
 > 4) Make the headerspec value a mailbox, domain or token. Which it is
 > would also to be specified in the authentication method specific
 > registration for a given method.

Would either of those options mean an update to (for example) the [AUTH] 
spec would be required to add this text?   Could we define something to 
use in the interim?

 > 2) Make the headerspec ptype a list of "smtp", "header" and "body".

How would you do PRA?

something like:  spf2/pra: pass header=foo at bar.com (Comments);

 > 1) Move the headerspec to after the method=result.

I think we should do this regardless of the other options.

-- 
Arvel





More information about the mail-vet-discuss mailing list