[mail-vet-discuss] Auth-Results issues? #11 section 9 examples
Murray S. Kucherawy
msk at sendmail.com
Thu Apr 27 12:57:54 PDT 2006
Tony Hansen wrote:
> In section 9.2, an A-R is shown that does not do any authentication.
> Therefore, there is no verified identity and the headerspec
> header.from=sender at example.com should not be shown. It hasn't been verified.
> In sections 9.3, it shows an MTA adding an A-R header based on auth. I'm
> sorry, but this is an impossible case. Authentication is done when the
> message is submitted, not by the receiving MTA. These will almost
> *never* be the same server. Also, it is specified with an smtp.mail
> headerspec, which is wrong for auth, which should be using smtp.auth
> instead of smtp.mail.
It's possible to send a message to a user on the same server and have the client
authenticate using SMTP AUTH. So although it may be uncommon in the Internet
universe, it's not completely invalid.
Either way, I'll rework the examples.
More information about the mail-vet-discuss