In fact the main reason that I question the need to have most/any of
SSP --in the *first* round of standardization -- is that there is quite a
bit of utility in exactly the scenario you describe: A message arrives
with a signature. *ANY* signature. There is quite a bit of useful
information derived from validating that signature, or having the
signature fail validation.
I guess I'm having trouble understanding what this utility would be.
Perhaps if you could explain what you believe can be done with this
signature and this signature alone, I might understand better.
So far, I've thought of what I think is a good use. I take the IP of the
domain from a validated d= and run it through the RBL lists. This way you
get a reputation assessment of the IP that delivered the message AND a
separate one for the signing domain too. This gets injected into the
process as a filter input.
I think this is useful (are there any problems with doing that?)
--
Arvel
_______________________________________________
ietf-dkim mailing list
http://dkim.org