Re: [exim] Exim Snapshot - DomainKeys support - Testers want…

Top Page
Delete this message
Reply to this message
Author: David Woodhouse
Date:  
To: Tom Kistner
CC: exim-users, exiscanusers
Subject: Re: [exim] Exim Snapshot - DomainKeys support - Testers wanted
On Thu, 2005-02-03 at 13:27 +0100, Tom Kistner wrote:
> When signing, the lib first uses the "Sender:" and then the "From:"
> header to determine the "sending domain". This also gets written into
> the DomainKey-Signature: header unless you override with the "dk_domain"
> transport option.


Hmmm. What about the Resent-From: address? That could well be newer.

> > People seem to have been resistant to the idea that we should be using
> > the reverse-path instead of grubbing around the headers for a 'Purported
> > Responsible Address', or just pretending we think that a signature from
> > the domain in the From: header will survive.
>
> Concerning lists, DK will be pretty unuseable for quite a while anyway.
> Just look at all the mangling going on here. A ton of extra headers in
> the wrong place, a footer, MIME transformations ... I also don't know
> how many mailers still do 8bit->QP autoconversions. This might also be a
> PITA.


That's why I'm asking. DK should be usable with lists if done sensibly.

Obviosuly I'd have to be insane to reject your mail because the
'd=duncanthrax.net' signature is bad after it came through the mailing
list. But the list adds its own Sender: header -- hence my question
about what precisely is meant by the 'sending email address'. What
happens when we see a message with two DomainKey-Signature: headers?

--
dwmw2