On Mar 19, 2008, at 10:17 AM, Jim Fenton wrote:

> Hector Santos wrote:
>> You need to throw away the whole idea of mandating an MX. MX is
>> for OUTGOING mail. DKIM is for INCOMING mail.
>
> We agree on this. Sorry if my long-winded explanation of why
> doesn't make that clear.

While email-addresses carried within a message aren't necessarily related to SMTP, the impetus for DKIM is to deal with spoofing of publicly transmitted messages over SMTP. While only MailFrom is required to be compatible with SMTP, the From is not. However, development of the DKIM policy should clarify it pertains to messages sharing SMTP destinations. Any originating email-address is only valid when the transport is able to carry the message to its destination. In the case of SMTP, this requires publishing discovery records, which currently are MX and A records.

>> MA applies to the x821.MailFrom domain period. Attempting to tie
>> to the 2822.FROM is awkward and the proposed solution is
>> isolated to a few systems that believe they have a total solution
>> for the world.
>
> That's another good reason that hadn't occurred to me.

This is a good reason to specify the scope of the policy. What other transports operating independently from SMTP will make use of DKIM ADSP policy records? Once those attempting to discover policy are able to understand the policy only relates to SMTP sources and destinations, then and only then can discovery records play a role in validating the domain.

If there is to be any hope in defending the DKIM process, determination of a valid domain is likely to be essential. As abuse increases, this aspect of the SMTP protocol becomes increasingly critical.

-Doug

_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
