[mail-vet-discuss] What is the A-R header really for?

[John L]

> I don't see these two as mutually exclusive.  Do they have to be?

Of course not, except to the extent that optimizing for one breaks the 
other.  If the local MTA strips off all of the incoming A-R headers to 
protect me from myself, I can't do the forensics.

> Within the context of message authentication, the "trust boundary" 
> referenced in the draft doesn't have to be constrained to machines 
> bearing your domain name, although I would probably assert that that's 
> going to be the general case and thus some of the softer language in the 
> draft does make that assumption.

It really depends on context.  I think my example of forwarders that are 
known to be friendly but have less than fabulous filtering is a useful one 
here.  (It's certainly useful for me in the spam forensics I do right now. 
Two of my forwarders are acm.org and ieee.org which I think are reasonable 
candidates for adding A-R when it's defined.)

Regards,
John Levine, johnl at iecc.com, Primary Perpetrator of "The Internet for Dummies",
Information Superhighwayman wanna-be, http://www.johnlevine.com, ex-Mayor
"More Wiener schnitzel, please", said Tom, revealingly.