Dave Crocker wrote
I like your wording enough to suggest that we try to assess support
for it among the list.
I'm suggesting some minor changes, only to tighten it up a bit:
There is nothing in an ordinary email message, except for the RCPT TO
line
and the IP address of the host that sent it to you, that is a reliable
identifier. A validated DKIM signature lets you take some reasonable
subset
of the message you received and know that it came from a designated
source.
The main benefit of DKIM is that a validating agent can know where the
message came from. This is more reliability than email source
identification has ever had before.
This is useful, but seems to ignore the discussion that has been surrounding
the fact the signature does not provide assurance about the source - rather
it provides assurance that a specified signing party is vouching for the
message. The signing party may be associated with the source, or they may
not be. Accepting the message on the basis of the signature implies
accepting the relationship between the signing agent and the message
originator.
_______________________________________________
ietf-dkim mailing list
<http://dkim.org>