[mail-vet-discuss] New draft for review
Murray S. Kucherawy
msk at sendmail.com
Thu May 31 17:41:24 PDT 2007
John Levine wrote:
>
> I think it would be better to say that the header should usually be
> added by the MX for an address, since that's the only point where you
> can check path authentication like SPF and Sender-ID. For content
> authentication like DK and DKIM, you can do it anywhere you want, so I
> don't see any reason to tell people not to.
>
On second thought, wouldn't the MX for an address *be* a border MTA and
thus part of the intended recipient's administrative domain?
An intermediate MX could do any authentication it wants, but any A-R
header it adds is not desirable by the receiving domain anyway.
So how about I just change that MUST NOT to a SHOULD NOT? There's
nothing there that says an intermediate MX can't do the authentication,
but if that mail gets all the way to the intended recipient then the
recipient/verifier inside the final trust domain doesn't really care
what the middle guys thought; it's going to do its own checks.
More information about the mail-vet-discuss
mailing list