[dmarc-discuss] Original Authentication Results
jimpop at gmail.com
Wed Feb 29 15:48:36 PST 2012
On Wed, Feb 29, 2012 at 6:43 PM, Murray S. Kucherawy <msk at cloudmark.com> wrote:
>> -----Original Message-----
>> From: dmarc-discuss-bounces at blackops.org [mailto:dmarc-discuss-bounces at blackops.org] On Behalf Of Jim Popovitch
>> Sent: Wednesday, February 29, 2012 3:40 PM
>> To: dmarc-discuss at dmarc.org
>> Subject: Re: [dmarc-discuss] Original Authentication Results
>> >> Perhaps if there was a way to Sign those headers.....
>> > And if only such a method included an indication that "I [did not]
>> > add this" ...
>> Perhaps a DNS check to validate the Signature?
> How does that guarantee that B did not sign an X-Spam-Score header field that it didn't add?
Because B's signature lists the headers that B signed.
> Just because something's signed doesn't mean it's also true.
That's a whole different issue, one that won't be solved with another
header and/or another signature.
More information about the dmarc-discuss