At 09:08 18-08-2005, Scott Kitterman wrote:
> It isn't entirely clear to me exactly where DKIM wants to live in
> this chain. Is it a tool for the SMTP server to reject messages
> from SMTP clients that are doing something unauthorized? Is it a
> tool for post-acceptance filtering and routing in the MDA? Is it a
> tool meant to give MUAs information to display to end users?

There has been a lot of discussion about rejection. Up to now, we
have "rules" and RBLs to reject "bad" messages. Mail filtering also
has a negative impact on mail delivery. DKIM also provides the
building block for whitelisting mail. It can also be abused as we
have seen in the discussion about replay attacks.

> Given the transient nature of information in DNS, I think that any
> technology that relies on DNS needs to be primarily a tool for the
> MTA with the potential for secondary use at the MDA level if the
> latencies are low enough. For MUAs, results need to be captured by
> the MTA/MDA for display by upgraded MUAs.

The MUA may not be on an "always-on" connection or it may not have
the capabilities to do DKIM verification. That is where the
Authentication-Results header comes in.
Regards,
-sm
_______________________________________________
ietf-dkim mailing list
http://dkim.org
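
As an added example that is not part of the original message: a sketch of how an MUA that cannot verify DKIM itself could display the result its own MTA/MDA recorded in Authentication-Results. It assumes the header syntax later standardized in RFC 8601; the host names, the sample message and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.policy import default

# Constructed sample: mx.example.net stands for the reader's own MTA/MDA,
# the second header is one that arrived with the message from outside.
SAMPLE = """\
Authentication-Results: mx.example.net; dkim=pass header.d=example.org
Authentication-Results: mx.untrusted.example; dkim=pass header.d=bank.example
From: alice@example.org
Subject: hello

body
"""

def dkim_results(raw_message, trusted_authserv_id):
    """Return (result, signing_domain) pairs stamped by the trusted MTA/MDA."""
    msg = message_from_string(raw_message, policy=default)
    found = []
    for value in msg.get_all("Authentication-Results", []):
        value = re.sub(r"\([^()]*\)", " ", str(value))  # drop simple comments
        authserv_id, _, rest = value.partition(";")
        ids = authserv_id.split()
        # Anyone can write this header; only the one stamped by our own
        # receiving server says anything about verification.
        if not ids or ids[0].lower() != trusted_authserv_id.lower():
            continue
        for resinfo in rest.split(";"):
            m = re.match(r"\s*dkim\s*=\s*(\w+)", resinfo, re.I)
            if not m:
                continue
            d = re.search(r"header\.d\s*=\s*([^\s;]+)", resinfo, re.I)
            found.append((m.group(1).lower(), d.group(1).lower() if d else None))
    return found

def display_label(raw_message, trusted_authserv_id):
    """Text an MUA could show next to the message."""
    results = dkim_results(raw_message, trusted_authserv_id)
    passed = sorted({d for r, d in results if r == "pass" and d})
    if passed:
        return "DKIM verified by %s: %s" % (trusted_authserv_id, ", ".join(passed))
    if results:
        return "DKIM not verified (%s)" % results[0][0]
    return "No DKIM result from " + trusted_authserv_id
```

The match on the server's identifier only helps if the receiving MTA also removes incoming Authentication-Results headers that claim its own identifier, as RFC 8601 requires.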