Hector Santos wrote:
I think you are underestimating the flip side - receivers
won't bother with implementing DKIM verification. DKIM
Signatures - valid, broken or otherwise, without a concept
that is essentially a "permission or authorization to sign
verification" concept, has little to no value.
+1 A bit like a signed timestamp line (?) Certainly nice to
have a single format for all signing MTAs, and to aggregate
them into sets of signing MTAs belonging to the same signing
MON or mediator.
For the MRN that might be faster and is probably much more
reliable than to analyze the timestamp lines. But a chance
to reject some "bad" mails directly would be better.
You got to give me solid, logical and deterministic reasons
why we should even bother looking for DKIM signatures - valid
or not.
Those "sets of signing MTAs belonging to the same signing MON"
are less granular than "sending IPs" as used for DNSBLs. That
could be an advantage if you have your own local "reputation"
database. E.g. if you get a mail from Jim signed by Cisco you
could say "Cisco mails are often good". If you get a similar
mail signed by #####groups that might be different... <beg>
Why bother trying to verify the signature?
Feedback loop with a scoring system based on reputation ? Bye
_______________________________________________
ietf-dkim mailing list
http://dkim.org