On Thu, May 28, 2009 at 08:23:11AM -0700, Dave CROCKER wrote: > >Michael Adkins wrote: >> The presence of a header field that is signed does not guarantee that it >> was placed there by the signer, merely that it was present when the >> message was signed. It therefore does not provide a mechanism for >> verifying that the requested destination address is authoritative for >> the domain. > >Oops. Right. I keep raising the same point about whether contents are >validated >by DKIM. Sigh. > >So, there's a Pandora's box that this raises, which is how to use DKIM in a >way >that has the semantics of claiming that bits of contents are in fact valid?
So the Affiliated Names List could be applied here. That proposal basically says that if you find an authenticated domain in my DNS, consider that some sort of relationship exists. Applying that to this: FBL-Where-To-Send-Header: f...@example.net DKIM-Signature: ... d=example.com ... If in example.net's dns there exists an entry for example.com, then one can safely assume there is a relationship between the two. http://mipassoc.org/affil/specs/draft-macdonald-affiliated-nameslist-00-04dc.html -- Jeff Macdonald jmacdon...@e-dialog.com _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
