On August 18, 2005 at 17:01, Douglas Otis wrote:
DKIM provides significant value beyond implementing a weak and
uncertain anti-spoofing mechanism. MUAs are not designed to ensure
the identity of the author or sender. As a result, MUAs often fail
to show headers intended to indicate this information. In addition,
MUAs also often fail to show underlying email addresses in favor of
"pretty names." This makes for a poor foundation upon which to build
any anti-spoofing mechanism without major renovations.
...
Since it appears there are different views on what DKIM should,
or should not be, I want to make sure I understand your view, without
the clutter of debating specifcs.
Is your view in a nutshell (of what DKIM should be): When a domain
signs a message, it is saying, "Here is what I got and transmitted."
DKIM only provides a verifiable trace of a message.
And/or, DKIM should provide verifiability of a message's originating
domain: the initial domain that receives a sender's message for
transmission. When the initial domain signs a message, it is saying,
"Here is what the domain-authorized sender submitted to me for
transmission."
--ewh
_______________________________________________
ietf-dkim mailing list
http://dkim.org