サイトマップ | 連絡先 | IAjapan TOP
IAjapan 財団法人インターネット協会
有害情報対策ポータルサイト 迷惑メール対策編
  • 一般利用者の皆様へ
  • メール管理者の皆様へ
  • 関連情報
  • サイト紹介

Page 40

The message was sent to a mailing list service provider called example.net, which is used by example.com.  There, meetings@example.net is expanded to a long list of recipients, one of that is at the Chicago office.  In this example, we will assume that the trust boundary for chicago.example.com includes the mailing list server at example.net.


The mailing list server there first authenticated the message and affixed an Authentication-Results header field indicating such using its DNS domain name for the authserv-id.  It then altered the message by affixing some footer text to the body, including some administrivia such as unsubscription instructions.  Finally, the mailing list server affixes a second [DKIM] signature and begins distribution of the message.


The border MTA for chicago.example.com explicitly trusts results from mail-router.example.net so that header field is not removed.  It performs evaluation of both signatures and determines that the first (most recent) is a “pass” but, because of the aforementioned modifications, the second is a “fail”.  However, the first signature included the Authentication-Results header added at mail-router.example.net that validated the second signature.  Thus, indirectly, it can be determined that the authentications claimed by both signatures are indeed valid.



 [Page 40]

《PREV》 1 4 7 10 13 16 19 22 25 28 31 34 37 40 43 
リンク・転載・引用・ロゴ使用について | プライバシーポリシー | IAjapanについて | 連絡先