On 8/24/06, Hector Santos <hsantos(_at_)santronics(_dot_)com> wrote:
----- Original Message -----
From: "Jon Callas" <jon(_at_)callas(_dot_)org>
To: "Damon" <deepvoice(_at_)gmail(_dot_)com>
> On 24 Aug 2006, at 10:38 AM, Damon wrote:
>> What do we do when there is no signature and no d= domain to
>> work with?
>> This is sort of hazy in my mind.
> You do anything you want to do. Perhaps more correctly, you do what
> you're doing now. If there's no signature, it's not a DKIM message.
Then this is a MAJOR loophole and it causes harm to verifiers and users,
never mind to domains who did not expect this. It lowers the payoff for
verifiers to even support DKIM and get this:
"Spammers now do not need to bother with DKIM.
A zero cost do nothing technological discovery!"
If we can resolve this, the value of DKIM-BASE has been watered down
I hired an alarm company to protect my house. They put an alarm on my
front door. I use it thinking it is protecting me and under every
window there is a sign that says "Burglars Enter Here!" and a sign on
the front door that says "The key is under the mat".
I don't want to have to purchase not one more box or peice of
software that is going to "protect" me by managing all my keys,
relationships, and make reports on the trust levels of everyone else
in order to make this work. I will say the magic word... Please.
NOTE WELL: This list operates according to