[mail-vet-discuss] Auth-Results installed base
SM
sm at resistor.net
Mon Nov 3 23:25:30 PST 2008
Hi Doug,
At 18:39 03-11-2008, Douglas Otis wrote:
>The motivation for this header is in support of a questionable Sender-
>ID or SPF path registration scheme. Sender-ID is being sold as a
>replacement for source authentication.
The Authentication-Results header was introduced in 2004 as there
wasn't a standardized method to convey the results of DomainKeys verification.
>Not having this border header as a substitute for DKIM validation
>ensures ISPs will provide access to unmodified messages. To ensure
>security, verifying the DKIM signature should be done by the MUA
>making the annotation, rather than depending upon an injected third-
>party header.
If you go back through the DomainKeys and DKIM archives, you might
find that it was deemed unpractical to expect all MUAs to do DKIM
verification. That doesn't preclude MUAs from doing DKIM
verification if they support it. It can be problematic in cases
where the DKIM signature is time sensitive.
Regards,
-sm
More information about the mail-vet-discuss
mailing list