Re: Domainkeys and ISPs
Lionel Elie Mamane wrote:
> On Fri, Mar 14, 2008 at 03:59:57PM +0800, Thomas Goirand wrote:
>> Lionel Elie Mamane wrote:
>>> On Fri, Mar 14, 2008 at 07:02:58AM +0800, Thomas Goirand wrote:
>>>> Anyway, I don't think it's based on the return-path: field...
>>> I was referring to the return path in the SMTP envelope, obviously. If
>>> the "the list of domains for which it signs mail" is not a list of
>>> domains for the return path / sender in the SMTP envelope, then it is
>>> a list of domains for *what*?
>> Isn't DKIM supposed to be an auth for the From: field?
> Well, then transpose my whole argument to the From: field. It doesn't
> make much of a difference.
Of course it does!

If somebody is sending with a From: with a domain installed on my
server, then it's going to be either sent from localhost, or using smtp
with auth. In that case, the mail should be signed, which will be the
case as the email is on my domain list. Any other possibility should be
blocked, as it might be some forgery. The normal postfix rules apply...

If the email is coming from another domain, then it will NOT be signed,
as it's coming from a domain that is not in our list.

Then the mail is forwarded.

What do you see that doesn't work on what I just wrote? To me,
everything is fine the way it is at the moment!