- Define some (few, simple) rules for when messages MUST NOT be
DKIM-signed (e.g. those that contain >1 From address)
- When a signer is presented with such a message, it doesn't sign
it, or forward it, but bounces/deletes it (whatever the right
mail thing to do is).

Doug is right to say that unsigned messages are incompatible with the
EXCLUSIVE policy so we can't make provision for an unsigned message leaving
the administrative domain of an EXCLUSIVE policy holder. Thus, I understand
the suggestion to refrain from delivering or forwarding messages which (for
whatever reason) can't be signed. Something along the lines of the mail
server saying "550 I can't accept that message because it can't be DKIM
signed" might be nice. However, all this is out of the strict control of a
DKIM signer and into the realm of the mail server, isn't it? In order to
comply with these types of provisions wouldn't the DKIM signer have to also
possess some significant measure of control over other aspects of the mail
handling system? Do we want to give the potential DKIM implementor the
feeling that they also have to control when messages are forwarded or
bounced or deleted? Am I understanding this thread correctly? LOL.
--
Arvel
_______________________________________________
ietf-dkim mailing list
http://dkim.org
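
An added example, not part of the original message and not taken from any DKIM implementation: a sketch of the split the message asks about, in which the signer only reports that a message cannot be signed and the mail server decides what to do with it. The function names, the return strings and the 550 wording are assumptions, treating a message with no From address as unsignable is also an assumption, and the sample messages are constructed.

```python
from email import message_from_string
from email.utils import getaddresses

def from_addresses(msg):
    """Collect every mailbox from every From header field in the message."""
    headers = msg.get_all("From", [])
    return [addr for _name, addr in getaddresses(headers) if addr]

def signer_verdict(msg):
    """Signer-side rule only: may this message be signed? No mail handling here."""
    count = len(from_addresses(msg))
    if count != 1:  # the thread's example is >1; 0 is refused too (assumption)
        return False, f"{count} From addresses"
    return True, "ok"

def mta_decision(msg, exclusive_policy):
    """Mail-server-side policy: what happens to a message the signer refuses."""
    signable, reason = signer_verdict(msg)
    if signable:
        return "sign-and-relay"
    if exclusive_policy:
        # An unsigned message must not leave an EXCLUSIVE-policy domain,
        # so the server refuses it at SMTP time (hypothetical reply text).
        return f"550 Message cannot be DKIM signed ({reason})"
    return "relay-unsigned"

# Constructed sample messages.
SINGLE = "From: Alice <alice@example.org>\nTo: carol@example.net\n\nhello\n"
TWO_MAILBOXES = ("From: Alice <alice@example.org>, Bob <bob@example.org>\n"
                 "Sender: alice@example.org\nTo: carol@example.net\n\nhello\n")
TWO_HEADERS = ("From: alice@example.org\nFrom: bob@example.org\n"
               "To: carol@example.net\n\nhello\n")

if __name__ == "__main__":
    for raw in (SINGLE, TWO_MAILBOXES, TWO_HEADERS):
        msg = message_from_string(raw)
        print(mta_decision(msg, exclusive_policy=True))
```

Only `mta_decision` bounces, rejects or relays; `signer_verdict` needs no control over the rest of the mail handling system.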