On Apr 27, 2013, at 12:38 AM, Franck Martin <fmar...@linkedin.com> wrote:

> On Apr 27, 2013, at 12:17 AM, Matt Simerson <m...@tnpi.net> wrote:
>
>> On Apr 26, 2013, at 6:28 PM, Douglas Otis <doug.mtv...@gmail.com> wrote:
>>
>>> To really get DMARC to work as advertised, DKIM needs to be repaired.
>>>
>>> See:
>>> http://www.bungi.com/Dom-v6.pdf
>>
>> From the aforementioned PDF:
>>
>> A convincing, albeit fake, header field can be prepended onto DKIM messages
>> displayed to users instead of the signed header fields. This problem exists
>> with Yahoo!, Comcast, Microsoft, and other email providers supporting DKIM.
>> It is possible for DKIM to be corrected to ensure against messages with
>> deceptive header fields being marked as having a valid DKIM signature. SMTP
>> is not to enforce message formats as specified in the second to the last
>> paragraph in RFC5321 Section 3.3. Message enforcement by the transport would
>> thwart message structure evolution.
>>
>> The bolded sentence did not fit well with my recollection, so I went back
>> and read that portion of RFC 5321:
>>
>> When the RFC 822 format ([28], [4]) is being used, the mail data
>> include the header fields such as those named Date, Subject, To, Cc,
>> and From. Server SMTP systems SHOULD NOT reject messages based on
>> perceived defects in the RFC 822 or MIME (RFC 2045 [21]) message
>> header section or message body. In particular, they MUST NOT reject
>> messages in which the numbers of Resent-header fields do not match or
>> Resent-to appears without Resent-from and/or Resent-date.
>>
>> It only says what that paper claims it says if one ignores the first 5
>> words. RFC 822 is not referring to SMTP, it is the protocol for ARPA
>> Internet Text Messages. The proper format for SMTP messages is defined in
>> RFC 2822, where the proper min/max number of header fields is defined.
>>
>> The author(s) of the DMARC draft were, at least in my reading, absolutely
>> correct in stating that SMTP servers SHOULD reject messages with more than
>> one From: header.
>> Am I missing something?
>>
> Nope, and there must be one in every message, and if not mistaken by the ABNF
> current syntax, this will contain at least one domain.

Dear Frank and Matt,

Check RFC5321 again. The reference to RFC822 also includes RFC5322 (footnote 4) as you point out. The same admonishment against format enforcement by the transport applies, otherwise it would never be able to evolve as it did between these two RFCs. It must be enforced where it matters, as it does with trust DKIM purports to establish, but utterly fails to uphold. The failure is that of DKIM and not SMTP.

Regards,
Douglas Otis
_______________________________________________
dmarc-discuss mailing list
dmarc-discuss@dmarc.org
http://www.dmarc.org/mailman/listinfo/dmarc-discuss

NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
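
Added example, not part of the thread or of the cited paper: a receiver-side check for the condition under discussion. It counts header fields against the limits in RFC 5322 section 3.6 and reports any From field that the DKIM-Signature's h= tag does not cover. The sample message, its addresses and the function names are constructed for illustration, and no signature is cryptographically verified.

```python
import re
from email import message_from_string

# (min, max) occurrences per message, from the table in RFC 5322 section 3.6.
LIMITS = {
    "date": (1, 1), "from": (1, 1), "sender": (0, 1), "reply-to": (0, 1),
    "to": (0, 1), "cc": (0, 1), "bcc": (0, 1), "message-id": (0, 1),
    "in-reply-to": (0, 1), "references": (0, 1), "subject": (0, 1),
}

def count_violations(raw):
    """Return {field: count} for each field outside its RFC 5322 limits."""
    msg = message_from_string(raw)
    counts = {name: len(msg.get_all(name, [])) for name in LIMITS}
    return {n: c for n, c in counts.items()
            if not LIMITS[n][0] <= c <= LIMITS[n][1]}

def unsigned_from_fields(raw):
    """Return From values that the first DKIM-Signature's h= tag does not cover.

    RFC 6376 section 5.4.2 matches repeated names in h= against header
    instances from the bottom of the header block upward, so a From field
    sitting above the covered ones is not part of the signed hash.
    """
    msg = message_from_string(raw)
    froms = msg.get_all("From", [])          # top-to-bottom order
    sig = msg.get("DKIM-Signature", "")      # top-most signature only
    tag = re.search(r"(?:^|;)\s*h\s*=([^;]*)", sig)
    names = [n.strip().lower() for n in tag.group(1).split(":")] if tag else []
    covered = names.count("from")
    return froms[:max(0, len(froms) - covered)]

# Constructed sample: one From listed in h=, plus an extra From above it.
SAMPLE = (
    'From: "Trusted Bank" <security@bank.example>\n'
    "DKIM-Signature: v=1; a=rsa-sha256; d=sender.example; s=sel;\n"
    " h=from:to:subject:date; bh=PLACEHOLDER; b=PLACEHOLDER\n"
    "From: Alice <alice@sender.example>\n"
    "To: bob@rcpt.example\n"
    "Subject: hello\n"
    "Date: Sat, 27 Apr 2013 00:38:00 -0700\n"
    "\n"
    "body\n"
)

if __name__ == "__main__":
    print(count_violations(SAMPLE))
    print(unsigned_from_fields(SAMPLE))
```

A signer that lists From twice in h= for a message with one From field makes any later added From part of the hash input, so verification fails instead of passing.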