ietf-dkim

Re: [ietf-dkim] New Issue: 4.2 needs new Attack Item: InconsistentSignature vs Policy Attacks

2006-01-31 11:37:43

On Jan 31, 2006, at 9:59 AM, <Bill(_dot_)Oxley(_at_)cox(_dot_)com> wrote:

> Sorry,
> Should have been clearer.
>
> Bad guy sends a message purportedly from cox.com with a header
> DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;  s=s1024; d=cox.com
>
> The non-dkim-compliant mta, who hasn't deployed dkim yet or doesn't know
> much about it, places a rule stating that signed messages should be
> allowed to travel inbound without further checking because dkim is new
> and safe.
>
> A dkim compliant mta will do a dip on my dns records and find no ssp or
> dk record and drop the message as non compliant.
>
> I suspect that in the beginning there will be a lot more of the former
> than the latter.

I suspect this is a non-issue.

The reason is that the early adopters of DKIM are going to be bulk
mailers. As such, any MTA or spam filtering system that's not got to
the point of actually checking DKIM signatures is going to be configured
to behave according to the correlation between DKIM headers and
unwanted mail, if they pay any attention at all.

The odds of more than a vanishingly small fraction of non-DKIM-aware
MTAs _increasing_ deliverability for DKIM headers are really low.
Decreasing, sure, but not increasing.

It's also "not our problem".

Cheers,
  Steve

_______________________________________________
ietf-dkim mailing list
http://dkim.org
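
The two receiver behaviours discussed in this thread, as an added example that is not part of the original messages: a rule that accepts on header presence, beside a check that only reports "verified" after a key lookup and signature check succeed. The `lookup_txt` and `verify` hooks and the verdict names are assumptions of this example, and the DNS data is constructed.

```python
# Added example: never trust a DomainKey-Signature header on presence alone.
# Header value copied from the post; the DNS data used below is constructed.
FORGED = "a=rsa-sha1; q=dns; c=nofws;  s=s1024; d=cox.com"

def parse_tags(value):
    """Split a 'tag=value; tag=value' list into a dict."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            tags[name.strip()] = val.strip()
    return tags

def key_query_name(tags):
    """DNS name of the key record: <selector>._domainkey.<domain>."""
    return f"{tags['s']}._domainkey.{tags['d']}".lower()

def naive_presence_rule(headers):
    """The rule from the post: header present means 'let it through'."""
    return "DomainKey-Signature" in headers

def classify(headers, lookup_txt, verify):
    """Return 'unsigned', 'invalid' or 'verified'.

    lookup_txt(name) -> key record text or None (hypothetical resolver hook).
    verify(tags, record) -> bool (hypothetical hook for the RSA check).
    """
    raw = headers.get("DomainKey-Signature")
    if raw is None:
        return "unsigned"
    tags = parse_tags(raw)
    # This example requires selector, domain and signature data (b=).
    if not all(tags.get(t) for t in ("s", "d", "b")):
        return "invalid"
    record = lookup_txt(key_query_name(tags))
    if record is None:
        return "invalid"  # header names a key that DNS does not publish
    return "verified" if verify(tags, record) else "invalid"

if __name__ == "__main__":
    msg = {"From": "someone@cox.com", "DomainKey-Signature": FORGED}
    empty_dns = {}  # constructed: no key record published for the domain
    print(naive_presence_rule(msg))
    print(classify(msg, empty_dns.get, lambda tags, record: False))
```

An "invalid" verdict should earn the message no more trust than "unsigned"; only "verified" says anything about the sender.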