On Nov 2, 2005, at 9:47 AM, Hector Santos wrote:
Table 1.0 - DKIM Verification States illustrates all possible
outcomes for signature verification against SSP.
+------------------------------------------------------+
| Sender Signing Policy Result |
+-----------+----------------------------------------------+-------|
| result | WEAK | NEUTRAL | STRONG | EXCLU | NEVER | NONE |
| verify | OPT | OPT/3PS | REQ/3PS | REQ | | |
+-----------+--------+---------+---------+--------+--------+-------|
| NONE | accept | accept | reject | reject | reject | accept|
|-----------+--------+---------+---------+--------+--------+-------|
| PASS | accept | accept | accept | accept | reject | warn |
|-----------+--------+---------+---------+--------+--------+-------|
| PASS 3PS | reject | warn | accept | reject | reject | warn |
|-----------+--------+---------+---------+--------+--------+-------|
| FAIL | warn | warn | warn | warn | reject | warn |
|-----------+--------+---------+---------+--------+--------+-------|
| FAIL 3PS | reject | warn | warn | reject | reject | warn |
+------------------------------------------------------------------+
This chart represents multi-level ratings added together with email-
address reputations to determine whether a message is to be
accepted. As with any reputation scheme, a negative reputation is
bad. All columns that permit third-party signing should be
considered NOT RECOMMENDED to protect the reputation of the email-
address.
It is interesting that an invalid signature is offered greater access
than no signature. The invalid signature is even granted greater
acceptance than a valid third-party signature. Where there is no
policy, a third-party signature is given reduced acceptance to that
of no signature? This seems force the use of SSP and completely
ignore the reputation of the signing-domain, does it not?
-Doug
_______________________________________________
ietf-dkim mailing list
http://dkim.org