[Asrg] where the message originated (was: DKIM role?) (SM)

Ian Eiloart iane at sussex.ac.uk
Mon Jan 19 09:48:36 PST 2009 


--On 19 January 2009 07:55:26 -0800 SM <sm at resistor.net> wrote:

> At 03:55 19-01-2009, Ian Eiloart wrote:
>> Er, a lot. Would you rather bank with an organisation that published
>> SPF records, or not? I know I would.
>
> I would prefer if my bank used a mechanism for email that protects the
> integrity of the content.
>
>> I'd also like an email client that tells me when the From: header
>> domain doesn't match the return-path domain.
>
> There are cases where the From: header may not match the Return-path
> domain; for example, messages from this mailing list.  It's also common
> for web-generated email traffic but that's mainly because most users are
> not aware that specifying the email address for the From: header doesn't
> set the email address for the Return-path.

Yes, I know. Presumably your bank doesn't email you through this list or 
any other, though. What I'm after here is avoiding bank phishing. When 
communicating with my bank, I want them emailing me directly, to my current 
email address.

I'd be just as happy if they used DKIM to sign the message. I'd still need 
my mail client to tell me that it was signed properly, though. And, signed 
by the owner of the address that I can see in the message headers.

>
> The Return-path only tells us where to bounce the message.  It doesn't
> tell us who actually sent the message.  In paper communication, we use
> the signature and not the return address to validate authorship.  When we
> receive a letter, we rarely look at the return address.  That information
> is useful for the delivery service.  Most people don't determine where
> the message originated.  The only information we notice, if we have
> access to the envelope, is whether the letter is domestic or comes from a
> foreign country.
>
> Regards,
> -sm
> _______________________________________________
> Asrg mailing list
> Asrg at irtf.org
> http://www.irtf.org/mailman/listinfo/asrg



-- 
Ian Eiloart
IT Services, University of Sussex
x3148

More information about the Asrg mailing list