[mail-vet-discuss] Auth-Results issues? #2 headerspec
Arvel Hathcock
arvel.hathcock at altn.com
Tue Mar 28 12:15:05 PST 2006
> Here is an example of an A-R header with multiple results combined
> together:
>
> Authentication-Results: example.com;
> dkim=pass header+body=foo.example.org (comments);
> spf=fail (comments);
> csv=pass smtp.ehlo=foo.example.org (comments);
> sidf=pass body.sender=user at foo.example.org (comments)
>
> Note how the headerspec varies with the method and its results reflect
> both: 1) what was used to do the tests, and 2) the identity that was
> verified.
I strongly support a change along that line. This is clean and easy to
understand; documents all the AR work done by hostname in a single
header which I love.
> 3) Make the headerspec property an optional value to be specified by
> the registration specifics for a given authentication method. So
> whatever document is used to define how A-R is used by dkim would also
> specify what value should go here. Not all authentication methods will
> need a property.
>
> 4) Make the headerspec value a mailbox, domain or token. Which it is
> would also to be specified in the authentication method specific
> registration for a given method.
Would either of those options mean an update to (for example) the [AUTH]
spec would be required to add this text? Could we define something to
use in the interim?
> 2) Make the headerspec ptype a list of "smtp", "header" and "body".
How would you do PRA?
something like: spf2/pra: pass header=foo at bar.com (Comments);
> 1) Move the headerspec to after the method=result.
I think we should do this regardless of the other options.
--
Arvel
More information about the mail-vet-discuss
mailing list