Re: Domainkeys and ISPs
On Sat, Mar 15, 2008 at 10:16:32AM +0800, Thomas Goirand wrote:
> Lionel Elie Mamane wrote:
>>> Isn't DKIM supposed to be an auth for the From: field?
>> Well, then transpose my whole argument to the From: field. It
>> doesn't make much of a difference.
> Of course it does!
> If somebody is sending with a From: with a domain installed on my
> server, then it's going to be either sent from localhost, or using
> smtp with auth.
I don't see why this implication would hold. A domain "installed on
your server" is a domain for which you are MX; that means that mail
*to* that domain goes to your server, not that mail *from* that domain
originates from your server. For a concrete example, I host the
conuropsis.org domain, and various users have various email addresses
in that domain. If they send email to your users, using their
@conuropsis.org address in the "From:" header, why would my server be
involved? They don't need to SMTP-auth send it to me, they can send it
directly to *your* machine, or their ISP's smarthost (which will send
it to your machine).
Now, if one of my users send email to another @conuropsis.org address,
and they use their ISP's smarthost to send all their mail, obviously
this ISP's outgoing SMTP server will not have an SMTP-auth
relationship with my MX; in this case, I do get an email with a domain
"installed on my server" in the "From:" field, that comes in from a
foreign IP address (not localhost), and not with SMTP-auth.