Murray S. Kucherawy wrote:
> 8.15. Attacks Involving Extra Header Fields
>
> ...
>
> Many email components, including MTAs, MSAs, MUAs and filtering
> modules, implement message format checks only loosely. This is done
> out of years of industry pressure to be liberal in what is accepted
> into the mail stream for the sake of reducing support costs;
> improperly formed messages are often silently fixed in transit,
> delivered unrepaired, or displayed inappropriately (e.g., by showing
> only one of multiple From: fields).
My only nit about this statement is that it's simpler than being under pressure, liberal, or reducing cost - in the annals of electronic mail, across all networks, only ONE From is expected. Therefore, I have my doubts any mail software was ever designed to hold a "list" or a collection of more than one From: header, simply because it was never expected - by design.

Now, whether software checks for message validity, why it does so, and how widespread this checking is probably has more to do with how robust the software is at watching for illegal RFC 822/2822/5322 messages.

The irony here is that the original issue posting was due to software that allowed illegal submission of a DKIM-signed message, but when it wasn't signed, the software kicked out the illegal messages. So it's more about how the current edge software deals with it. It's how they integrate it with DKIM, and they need to dot all the i's and cross all the t's in their integration. If they have software control of their DKIM stuff, it's probably a good idea to make sure their Verifier and Signer have a One From DKIM Rule concept, as cited in my previous post, and the specs should make that very clear.

-- 
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com

_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
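The "One From" rule argued for above, as an added example that is not code from Hector Santos, the list, or any DKIM implementation: a Python check a signer could run before signing and a verifier before trusting a signature result. It goes a little beyond the post by also flagging every other header field that RFC 5322 section 3.6 limits to one occurrence, and it shows the first-versus-last From: ambiguity the quoted section mentions. The two sample messages are constructed for the example; the function names are the example's own.

```python
"""Added example: header sanity checks for a DKIM signer or verifier.
The sample messages below are constructed for this example; the field
list follows RFC 5322 section 3.6 (fields allowed at most once)."""
import email
from email.message import Message

# RFC 5322 section 3.6: header fields that MUST NOT appear more than once.
SINGLE_INSTANCE_FIELDS = (
    "date", "from", "sender", "reply-to", "to", "cc", "bcc",
    "message-id", "in-reply-to", "references", "subject",
)


def header_counts(raw: bytes) -> dict[str, int]:
    """Case-insensitive count of every header field name in the message.
    The default (compat32) policy keeps duplicate fields instead of
    collapsing them, which is exactly what a loose parser must not hide."""
    msg: Message = email.message_from_bytes(raw)
    counts: dict[str, int] = {}
    for name in msg.keys():          # keys() lists duplicates separately
        key = name.lower()
        counts[key] = counts.get(key, 0) + 1
    return counts


def duplicate_single_instance_fields(raw: bytes) -> list[str]:
    """Names of RFC 5322 single-instance fields that occur more than once."""
    counts = header_counts(raw)
    return [f for f in SINGLE_INSTANCE_FIELDS if counts.get(f, 0) > 1]


def one_from_rule(raw: bytes) -> tuple[bool, str]:
    """The 'One From' rule: exactly one From: field, otherwise the signer
    refuses to sign and the verifier treats the message as invalid.
    Returns (ok, reason)."""
    n = header_counts(raw).get("from", 0)
    if n == 0:
        return False, "no From: field"
    if n > 1:
        return False, f"{n} From: fields present"
    return True, "exactly one From: field"


def displayed_from_values(raw: bytes) -> tuple[str, str]:
    """First and last From: values, i.e. the two a loosely written MUA might
    pick to display.  When they differ, the user and the verifier may be
    looking at different senders, which is why the rule above rejects."""
    msg = email.message_from_bytes(raw)
    froms = msg.get_all("From", [])
    if not froms:
        return "", ""
    return froms[0], froms[-1]


# Constructed sample: a well-formed message.
GOOD = (b"From: alice@example.com\r\n"
        b"To: bob@example.com\r\n"
        b"Subject: status\r\n"
        b"Date: Mon, 01 Jan 2024 00:00:00 +0000\r\n"
        b"Message-ID: <1@example.com>\r\n"
        b"\r\nhello\r\n")

# Constructed sample: the malformed case the quoted section describes,
# two From: fields in one message.
TWO_FROM = (b"From: alice@example.com\r\n"
            b"From: second@example.org\r\n"
            b"To: bob@example.com\r\n"
            b"Subject: status\r\n"
            b"\r\nhello\r\n")


if __name__ == "__main__":
    for label, raw in (("good", GOOD), ("two-from", TWO_FROM)):
        ok, reason = one_from_rule(raw)
        print(label, "->", "sign/verify" if ok else "reject", "|", reason,
              "| duplicates:", duplicate_single_instance_fields(raw),
              "| first/last From:", displayed_from_values(raw))
```

Running the same check at both ends is the point: the signer refuses to put its name on a malformed message, and the verifier does not let a valid signature outcome stand on a message whose From: is ambiguous, so the two sides cannot disagree about which header the signature covers.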