On Tue, 8 Aug 2006, J.D. Falk wrote:

On 2006-08-08 11:43, Scott Kitterman wrote:

Sounds like false hope to me; as a big receiver, I can't imagine that
I'd ever want to blindly trust assertions made by an unknown sender.

As both you and John L point out, this is a big issue. That's why I was
thinking about it being something in DNS related to the policy record so
that it would be at least slightly harder to lie about it. It's also why I
started with IF... I recognized that if it can be trivially spoofed, then
there's no reason to do it.

We can accomplish that much without any changes to SMTP:
- SMTP conversation happens as per usual
- receiver looks up MAIL FROM domain, checks SSP
- receiver decides whether to accept the message and check the signature, or
reject based on non-DKIM-related criteria

Why would the receiver check SSP for the MAIL FROM domain when it is not the
same identity as the one DKIM SSP is based on? Don't mix things up
if you expect correct results.
--
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html