Charles Lindsey wrote: > On Wed, 03 Jun 2009 17:13:02 +0100, Murray S. Kucherawy > <m...@cloudmark.com> wrote: > >>> WTF is the point of inserting an A-R header if you are not willing to >>> take responsibility for what you have done by signing it? >>> >>> And why should anyone else believe your A-R if you have omitted that >>> elementary step? >> Because, if you've followed the RFC defining it, the border MTA has >> removed any others present that could possibly be misinterpreted by >> internal agents. > > Yes, but that is the MTA at MY border. I would expect the assessor at MY > border to have indicated some degree of suspicion if the A_R header it was > about to remove (before substituting its own) was not included in the > signature that accompanied it.
The cases, IMO, of when a ar-header is useful from a foreign domain are vanishingly small, so removing it is just a matter of good hygiene. If capturing its essence is important, I suppose that we'll first see border mta software using it for something. To my knowledge, nobody is. (foreign a-r that is). >> You're not required to sign them, but it's not a bad idea. > > Then why are people on this list not trying to enocourage that good > practice? Indeed, why are they so vociferously trying to DIScourage it? Because it's a marginal case. At Cisco, the only thing that I'm aware* that we were using a-r for was generating gross statistics, where what even a trusted foreign verifier -- which we had none -- were useless for what we were using it for. Maybe we were outliers, but I doubt it. [*] yes a couple of us were using ar to color messages in our muas, but we were a pretty self-selected, self-interested population Mike _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html