Hi, the following "overview" paragraph is somewhat unclear: | Historically, email delivery assessment decisions have | been based on an identity that used the IP Address of | the system that directly sent the message (that is, the | previous email "hop"), [RFC4408] or on the message | content (e.g. [RFC4406] and [RFC4407]).
RFC 4405..4407 are an example of, generally speaking, using the message content, but actually they are based on the PRA as defined in RFC 4407, determined by looking at the header. The SMTP extension "submitter" in RFC 4405 is in essence a shortcut and irrelevant for a DKIM overview memo, but using correct terminology for PRA makes sense, proposal: [...] | content (e.g. the "Purported Responsible Address" defined | in [RFC 4407] as used in [RFC 4406]). RFC 4406 + 4408 are not limited to identities related to the IP of the client, if they use the exists-mechanism. IMHO it would be clearer to enumerate the relevant identities: * direct uses of the IP (e.g. DNSBLs, inserting a reference to the ASRG DNSBL draft if it is ready in time) * uses of the HELO-identity (e.g. in [RFC 4408] policies, or 'iprev' in [I-D.kucherawy-sender-auth-header]) * uses of the envelope sender address (e.g. in [RFC 4408]) * PRA (see above) The overview memo has a reference to sender-auth-header, mentioning 'iprev' should be no timing problem. Maybe we can agree that DKIM+ADSP is supposed to play in the same field as PRA, and while I dare not say "replace PRA" it is IMO still relevant to spell its name out. Frank _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
