[mail-vet-discuss] New draft for review
Michael Thomas
mike at mtcc.com
Fri Jun 1 09:30:38 PDT 2007
SM wrote:
>>>>> An MTA compliant with this specification MUST add this header (after
>>>> performing one or more sender authentication tests) to indicate at
>>>> which host the test was done, which test got applied and what the
>>>> result was. If an MTA applies more than one such test, it MUST
>>>> either add this header once per test, or one header indicating
>>>> all of
>>>> the results. An MTA MUST NOT add a result to an existing header.
>>>
>>> An MTA compliant with this specification MUST add this header to
>>> indicate the host which performed the authentication tests, the
>>> authentication methods tested and the results of the tests. If more
>>> than one test is done, the MTA MUST either add this header once per
>>> test or add one header to convey all the results. An MTA MUST NOT
>>> add the result to an existing header.
I don't understand the reason for this restriction, and I understand
even less how you expect it to be enforced. Consider this:
border(spf)->mta(dkim)->delivery
why should it be illegal for the middle mta to add the dkim results
to the existing upstream auth-res? Does it cause some sort of security
problem? Or any other kind of problem? The only kind of security problem
I can see is if it added it to an _untrusted_ auth-res, but that would
be pretty silly.
Mike
More information about the mail-vet-discuss
mailing list