"With DomainKeys, the absence of a verifiable digital signature
header in an E-mail purporting to be from a domain which has
a DomainKeys DNS record may indicate that that E-mail is a
forgery. Thus, E-mails may be divided into three classes:
* valid DomainKey signature: authentic
* invalid or missing DomainKey signature for a domain with the DNS
record: usually forged
* no DNS record or header: unknown status"
As I have understood it, you can not really find the
DomainKey-DNS-record unless you know the selector, which
you do not really unless you have a domainKey signature. Is
this correct or have I misinterpreted the drafts?
Your deduction is correct. Dr. Watson. :-)
Thank you.
It is similar to the current DKIM Policy discussions here, regarding the
need to find the policy expectation for signing when the signature is not
there, or there and not expected, and other policy inconsistency
considerations.
Thank you, I will try to read back on that discussion as I'm studying
SPF and other anti-phishing mechansims right now where this plays a
vital part, which is why I posted the question.
/Stefan
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html