-----Original Message-----
From: MH Michael Hammer (5304) [mailto:MHammer(_at_)ag(_dot_)com]
Sent: Monday, September 13, 2010 12:06 PM
To: Murray S. Kucherawy; dkim-ops(_at_)mipassoc(_dot_)org
Subject: RE: [dkim-ops] hammering with a soldering iron, was subdomain vs.
cousin domain
I think your last comment is perhaps the most interesting one. As John
Levine frequently reminds us as he invokes King Canute, we cannot tell
receivers what to do. I don't know if this association exists, but if
receivers find an association between failed signatures and malicious
email I can just about guarantee you that they will take advantage of
that data point..... Regardless of what the standard says. Bottom line,
a failed signature will be treated in accordance with those things that
a failed signature is perceived to be associated with.
Naturally that's true, but I think until there's evidence that a negative
validation should mean something, I'm inclined to believe the RFC's advice is
right. That's based on the notion that there are lots of reasons a signature
validation can go awry, and they're often not the fault of either of the
endpoints, so arbitrary interruption of the flow of mail seems to be something
to avoid.
_______________________________________________
dkim-ops mailing list
dkim-ops(_at_)mipassoc(_dot_)org
http://mipassoc.org/mailman/listinfo/dkim-ops