[mail-vet-discuss] Draft as of 7/17/2007
SM
sm at resistor.net
Tue Aug 14 22:24:14 PDT 2007
At 17:05 14-08-2007, Murray S. Kucherawy wrote:
>I'm not sure I totally agree with this. If for example the border
>MTA elects to encapsulate the SMTP client information in an
>additional header field or some such, an internal MTA could later
>carry out the SPF/Sender-ID test. By that logic, any of the tests
>we know about could be done anywhere as long as all the required
>data are somehow available.
It all comes down to which headers to trust. Conceptually, if you
are going to trust the Authentication-Results: header, we could also
trust a header that conveys SMTP information.
>Can the MUA not make a judgement about the "makes sense" question on
>its own if that's actually an issue?
What "makes sense" to me may not make sense to you as you may have a
better understanding of the issues involved. I would prefer the MUA
not to make a judgement call about that especially when it is
operating in an environment prone to malware.
Regards,
-sm
More information about the mail-vet-discuss
mailing list