2.2. Valid Signature
A "Valid Signature" is any signature on a message that correctly
verifies using the procedure described in Section 6.1 of [RFC4871].
2.3. Author Address
An "Author Address" is an email address in the From: header field of
a message [RFC5322]. If the From: header field contains multiple
addresses, the message has multiple Author Addresses.
2.4. Author Domain
An "Author Domain" is everything to the right of the "@" in an Author
Address (excluding the "@" itself).
2.5. Alleged Author
An "Alleged Author" is an Author Address of a message; it is
"alleged" because it has not yet been checked.
2.6. Author Domain Signing Practices
"Author Domain Signing Practices" (or just "practices") consist of a
machine-readable record published by the domain of an Alleged Author
that includes statements about the domain's practices with respect to
mail it sends with its domain in the From: line.
2.7. Author Domain Signature
An "Author Domain Signature" is a Valid Signature in which the domain
name of the DKIM signing entity, i.e., the d= tag in the DKIM-
Signature header field, is the same as the domain name in the Author
Address. Following [RFC5321], domain name comparisons are case
^DooM^ wrote:Also lets play devils advocate here for a second. Assume you are hosting lots of domains for lots of different people and one of these guys happens to find out about another domain that's hosted on hMail and thinks, I know, If i send my spam out through my server and set my from header to his domain, DKIM will be signed from his domain and he gets in trouble.
hMail would have to sign the DKIM because it would have to trust the from header and it has the private keys for that domain. So you have to fall back to using SMTP Envelope From as that HAS to be authorized with a password and is therefore a 100% trusted source.
Users browsing this forum: katip and 0 guests