I think that the history of adoption of SPF by spammers
demonstrates nicely that the mere act of associating a
confirmable identity is not enough. So the mere act of
signing should not be a criterion for acceptance of the mail.
The required additional step is some basis for assessing that identity.
I agree. At present, the mere existance of a valid signature does not get
you much in my MTA (a slightly positive value added to the spam filter score
is about it and this probably isn't a good idea). However, just seeking
off-topic advice here before I do it, would it be good or bad to run the IP
of the signing domain through the existing IP-based RBLs? I would like to
code for that today so I'm selfishly seeking some advice :)
--
Arvel
_______________________________________________
ietf-dkim mailing list
http://dkim.org