On Mar 9, 2023 at 15:55:20 MST, Michael Thomas <[email protected]> wrote:
On 3/7/23 2:46 PM, Jim Fenton wrote:
Section 3.4: I would always expect an inbound filtering service to do
SPF/DKIM checks and apply an Authentication-Results header field with the
result. Are there any that don’t? I don't think we should count on
Auth-res being there or not. As I mentioned previously, there is a wealth of
possible meta information produced in the act of verification that is not
necessarily transported by the Auth-res header. Frankly, I'm not sure why
Auth-res needs to be brought up at all -- by the time it is applied, it has
already fallen into the black box of the receiver of which we know little
about.
The inbound filtering service is acting on behalf of a recipient domain, so I
expect that it would have some way to signaling any authentication information
that domain might need that it interferes with (such as the sending IP address)
by virtue of receiving the message on their behalf. Authentication-results is
one way that is often done, but perhaps I was being too specific in citing it.
-Jim
_______________________________________________
Ietf-dkim mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ietf-dkim
