ietf-dkim

Re: [ietf-dkim] Signalling DKIM support before DATA

2006-08-08 11:54:53
On Tuesday 08 August 2006 14:30, J.D. Falk wrote:
> On 2006-08-08 10:31, Scott Kitterman wrote:
>> If there is a reasonable way to do it, it might be useful for receivers
>> to be able to get a hint before going to DATA if the message is going to
>> be DKIM signed.  I can envision looking for such a hint when evaluating a
>> message from an IP address listed in an RBL and perhaps going to DATA to
>> look for the promised signature.
>
> This would break on forwarding -- so the positive ("yes, I signed this
> message") is good, but the negative ("no, I don't sign") can't be
> trusted without knowing a whole lot more about the sending site's
> technical configuration and/or business practices.
>
> Plus, spammers could easily start using this same technique to try to
> bypass envelope security in hopes of then fooling DATA filters.
>
>> I can see some potential for this to make signing more attractive to
>> small senders who are more likely to be blocked due to RBLs.  It may be
>> attractive to receivers as a way to reduce false positives from spam
>> filtering techniques used on the envelope.
>
> Sounds like false hope to me; as a big receiver, I can't imagine that
> I'd ever want to blindly trust assertions made by an unknown sender.

As both you and John L point out, this is a big issue.  That's why I was 
thinking about it being something in DNS related to the policy record so that 
it would be at least slightly harder to lie about it.  It's also why I 
started with IF...  I recognized that if it can be trivially spoofed, then 
there's no reason to do it.

Scott K

_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html