Re: [Asrg] RFC5451 Re: who gets the report, was We really don't need

"Murray S. Kucherawy" <msk@cloudmark.com> Wed, 10 February 2010 17:21 UTC

From: "Murray S. Kucherawy" <msk@cloudmark.com>
To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
Date: Wed, 10 Feb 2010 09:22:54 -0800

> -----Original Message-----
> From: asrg-bounces@irtf.org [mailto:asrg-bounces@irtf.org] On Behalf Of Alessandro Vesely
> Sent: Wednesday, February 10, 2010 12:06 AM
> To: asrg@irtf.org
> Subject: Re: [Asrg] RFC5451 Re: who gets the report, was We really don't need
> 
> On 09/Feb/10 23:31, Murray S. Kucherawy wrote:
> >>>  Could the MDA add a DKIM signature for the authentication results header?
> >>
> >>  Yes, it could. However, removal of the field on forwarding would then break the signature.
> >
> > True, but you don't have to do that.
> 
> But retention is only allowed for trusted internal MTAs.

More accurately, removal is required if the A-R header claims to be one of yours but it's not coming from an MTA you trust (e.g. one of your border MXes).

An A-R header claiming to be from elsewhere doesn't have to be purged, so a signature covering it would continue to validate.  The MUA, however, is supposed to know to ignore those.
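
The rule described in this message, as an added example that is not part of the original post or of RFC 5451: a border filter removes only the Authentication-Results fields that claim the local authserv-id when they did not arrive from a trusted MTA, and the MUA side reads only fields carrying that id. The authserv-id `mx.example.org`, the function names, the case-insensitive comparison and the sample message are assumptions constructed for the illustration.

```python
import re
from email import message_from_string

LOCAL_AUTHSERV_ID = "mx.example.org"  # assumption: the receiving domain's authserv-id
AR = "authentication-results"

# Constructed sample: one field claims the local id, one comes from elsewhere.
SAMPLE = (
    "Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=sender.example\n"
    "Authentication-Results: mail.sender.example; dkim=pass header.d=sender.example\n"
    "From: a@sender.example\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)

def authserv_id(value):
    """Return the first token of an A-R value, before ';' (simple comments stripped)."""
    head = re.sub(r"\([^()]*\)", " ", value).split(";", 1)[0].split()
    return head[0].lower() if head else ""

def border_filter(raw, from_trusted_mta):
    """Drop A-R fields claiming the local authserv-id unless a trusted MTA sent them.

    Fields naming another authserv-id are left in place and in order, so a
    signature that covers them is not disturbed.
    """
    msg = message_from_string(raw)
    if from_trusted_mta:
        return msg
    fields = msg.items()
    for name in msg.keys():      # clear every header, then re-add in original order
        del msg[name]
    for name, value in fields:
        claims_local = name.lower() == AR and authserv_id(value) == LOCAL_AUTHSERV_ID
        if not claims_local:
            msg[name] = value
    return msg

def results_for_mua(msg):
    """Return only the A-R values the MUA should act on: those with the local id."""
    return [v for v in msg.get_all(AR, []) if authserv_id(v) == LOCAL_AUTHSERV_ID]
```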