An MTA adding this header field must take steps to identify it as legitimate to the MUAs or downstream filters that will ultimately consume its content. One required process to do so is described in Section 5. Further measures may be required in some environments. Some possible solutions are enumerated in Section 7.1. This memo does not mandate any specific solution to this issue as each environment has its own facilities and limitations.
For MTAs that add this header field, adding header fields in order (at the top), per Section 3.6 of [MAIL], is particularly important. Moreover, this header field SHOULD be inserted above any other trace header fields such MTAs might prepend. This allows easy detection of header fields that can be trusted.
End users making direct use of this header field may inadvertently trust information that has not been properly vetted. If, for example, a basic [SPF] result were to be relayed that claims an authenticated addr-spec, the local-part of that addr-spec has actually not been authenticated. Thus, an MTA adding this header field SHOULD NOT include any data that has not been authenticated by the method(s) being applied. Moreover, MUAs SHOULD NOT render to users such information if it is presented by a method known not to authenticate it.
本ヘッダフィールドを直接使用するエンドユーザは、十分に吟味されていない情報を不用意に信頼してしまうかもしれない。たとえば、addr-specが認証済みであると主張する基本[SPF]結果が中継される場合、そのaddr-specのlocal-partは実際には認証されていないことになる。それゆえ、このヘッダフィールドを追加するMTAは、適用されている方式で認証されていないいかなるデータも含むべきではない(SHOULD NOT)。さらに、ある情報の認証用として知られていない方式によって提示されている情報については、MUAはその情報をユーザに表示すべきではない(SHOULD NOT)。
4.1. Header Field Position and Interpretation
In order to ensure non-ambiguous results and avoid the impact of false header fields, MUAs and downstream filters SHOULD NOT interpret this header field unless specifically instructed to do so by the user or administrator. That is, this interpretation should not be “on by default”. Naturally then, users or administrators should not activate such a feature unless they are certain the header field will be added by the border MTA that accepts the mail that is ultimately read by the MUA, and instances of the header field appearing to be from within the ADMD but actually added by foreign MTAs will be removed before delivery.
4.1. ヘッダフィールドの位置と解釈
Furthermore, MUAs and downstream filters SHOULD NOT interpret this header field unless the authentication identifier it bears appears to be one used within its own ADMD as configured by the user or administrator.
さらに、MUAおよび下流フィルタは本ヘッダフィールドに含まれる認証識別子がユーザまたは管理者によって設定された自身のADMD内で使われているものでない限り、本ヘッダフィールドを解釈すべきではない(SHOULD NOT)。
MUAs and downstream filters MUST ignore any result reported using a “result” not specified in the result code registry, or a “ptype” not listed in the corresponding registry for such values as defined in Section 6. Moreover, such agents MUST ignore a result indicated for any “method” they do not specifically support.
[Page 19]
《PREV》 | 1 4 7 10 13 16 19 22 25 28 31 34 37 40 43 |