RFC8601 sec 5 states: > any MTA conforming to > this specification MUST delete any discovered instance of this header > field that claims, by virtue of its authentication service > identifier, to have been added within its trust boundary but that did > not come directly from another trusted MTA.
In my opinion, a header that does not conform to the specified authres-header-field in the RFC, is not an Authentication-Results header, has no authentication service identifier, and as such cannot claim anything in the context of the RFC. So suppose there is a mail system with an UTF-8-non-ASCII authserv-id. When creating its own A-R headers, it puts the authserv-id into quotes, because it cannot use it without them, as discussed in the separate thread. What should the system do with an A-R header of an inbound message that incorporates the system's authentication service identifier without using quotes, but that otherwise would be syntactically correct? Again in my opinion, the system needs to keep the header, but what is the RFCs intention?
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
