[mail-vet-discuss] Auth-Results issues? #11 section 9 examples

Murray S. Kucherawy msk at sendmail.com
Thu Apr 27 12:57:54 PDT 2006

Tony Hansen wrote:
> In section 9.2, an A-R is shown that does not do any authentication.
> Therefore, there is no verified identity and the headerspec
> header.from=sender at example.com should not be shown. It hasn't been verified.


> In sections 9.3, it shows an MTA adding an A-R header based on auth. I'm
> sorry, but this is an impossible case. Authentication is done when the
> message is submitted, not by the receiving MTA. These will almost
> *never* be the same server. Also, it is specified with an smtp.mail
> headerspec, which is wrong for auth, which should be using smtp.auth
> instead of smtp.mail.

It's possible to send a message to a user on the same server and have the client 
authenticate using SMTP AUTH.  So although it may be uncommon in the Internet 
universe, it's not completely invalid.

Either way, I'll rework the examples.

More information about the mail-vet-discuss mailing list