[mail-vet-discuss] Re: Auth-Results issues? #7 section 4.1
sm at resistor.net
Thu Apr 27 21:39:46 PDT 2006
At 12:43 27-04-2006, Murray S. Kucherawy wrote:
In section 4:
>"For security reasons, an MTA SHOULD remove ..."
Shouldn't that be:
"For security reasons, an MTA MUST remove any discovered instance"
The draft mentions "If an MTA applies any authentication test, it
MUST add this header" and the removal should be a MUST as well.
Modified text for Section 4:
For security reasons, an MTA MUST remove any discovered instance of
this header for which the "hostname" is its own, i.e. headers which
claim to be from the MTA but were added before the mail arrived at
the MTA for processing. A border MTA MAY also delete any discovered
instance of this header which claims to have been added within its
trust boundary. For example, a border MTA at mx.example.com MUST
delete any instance of this header claiming to come from mx.example.com
and MAY delete any instance of this header claiming to come
from any host in example.com prior to adding its own headers. This
applies in both directions so that hosts outside the domain cannot
claim results MUAs inside the domain might trust.
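
The removal rule proposed in this message, as an added example that is not part of the original post or the draft: a border MTA drops results headers that claim its own hostname (the MUST case) and, when a trust domain is supplied, those claiming any host inside it (the MAY case), before adding its own header. The header name `Authentication-Results`, the function names and the sample message are assumptions made for illustration; the post itself only says "this header".

```python
from email import message_from_string

HEADER = "authentication-results"  # assumed name; the post only says "this header"

# Constructed sample: a message as it arrives at the border MTA mx.example.com.
SAMPLE = """\
Received: from client.sender.test by mx.example.com
Authentication-Results: MX.Example.COM; spf=pass
Authentication-Results: internal.example.com; spf=pass
Authentication-Results: mail.other.test; spf=fail
Authentication-Results: mx.notexample.com; spf=pass
Subject: constructed test message

body
"""

def claimed_host(value):
    """Hostname token that leads the header value, lower-cased."""
    token = value.split(";", 1)[0].split()
    return token[0].lower().rstrip(".") if token else ""

def strip_claimed_results(msg, own_host, trust_domain=None):
    """Delete results headers claiming own_host (MUST) or, when trust_domain
    is given, any host inside it (MAY). Returns the hostnames removed."""
    own = own_host.lower().rstrip(".")
    dom = trust_domain.lower().rstrip(".") if trust_domain else None
    items, removed = msg.items(), []
    for name in {n for n, _ in items}:
        del msg[name]              # clear, then re-add in the original order
    for name, value in items:
        if name.lower() == HEADER:
            host = claimed_host(value)
            # Match on a label boundary so notexample.com is not example.com.
            inside = dom is not None and (host == dom or host.endswith("." + dom))
            if host == own or inside:
                removed.append(host)
                continue
        msg[name] = value
    return removed

def remaining_hosts(msg):
    """Hostnames claimed by the results headers still on the message."""
    return [claimed_host(v) for v in msg.get_all(HEADER, [])]

def parse_sample():
    """Fresh parse of the constructed sample message."""
    return message_from_string(SAMPLE)
```

The comparison is case-insensitive and anchored on a full DNS label, so `MX.Example.COM` is removed while `mx.notexample.com` is kept.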