ietf-dkim

Re: [ietf-dkim] testing Message Corpus & question for base spec

2006-02-22 06:57:56

----- Original Message -----
From: "Jim Fenton" <fenton(_at_)cisco(_dot_)com>
To: "Hector Santos" <hsantos(_at_)santronics(_dot_)com>

[FLAWED TECHNOLOGY!]

 If one or more signatures are valid, then process the message as
 a good signature.  This includes if there exist one or more
 bad signatures.  As long as there is 1 good signature, process
 the message as a good signature.

Perhaps this is part of sort_signatures_into_preferred_order(), but I
wanted to make it explicit:  Since SSP might not allow third-party
signatures, it's probably best to check first-party signatures first.
Stopping with the first valid signature might not give the right result
otherwise.

Possibly.  The sorting question seems to be a "kludge" or an attempt to make
something good out of something that just be really bad.

In my view, four items are keeping us from going full steam with this:

   - the SSP,
   - list servers,
   - mix policy conflict, and
   - authorization results/reporting.

All need to be resolved before trying to make heads or tails from DKIM
signatures.  Too many mushrooms in this "DKIM Green Field."

For the record, we have begun collecting DKIM and DOMAINKEY signed messages
passing through our system.  I'm seeing fraud already taking place. The most
obvious are those with no policies - just fake signatures.  I'm also seeing
the spammers beginning to use one or both thru 3rd party domains.  These 3rd
party domains are going to be a high risk of quickly getting "flagged."

--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com
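
The ordering point raised in the thread above (check first-party signatures before third-party ones instead of stopping at the first valid signature), as an added Python example that is not part of the original messages or of any DKIM implementation. `Sig`, `evaluate`, the `third_party_allowed` flag standing in for an SSP lookup, and the exact-match definition of "first-party" are assumptions; the sample messages are constructed.

```python
import re
from dataclasses import dataclass

@dataclass
class Sig:
    domain: str   # d= tag of the signature
    valid: bool   # cryptographic verification result (computed elsewhere)

def from_domain(from_header):
    """Return the lowercased domain of the From: address."""
    m = re.search(r"@([A-Za-z0-9.-]+)", from_header)
    if not m:
        raise ValueError("no address in From header")
    return m.group(1).lower().rstrip(".")

def is_first_party(sig, author):
    # Assumption: first-party means d= equals the From: domain exactly.
    return sig.domain.lower().rstrip(".") == author

def first_valid(sigs):
    """The rule quoted in the thread: any one good signature is enough."""
    return next((s.domain for s in sigs if s.valid), None)

def evaluate(from_header, sigs, third_party_allowed):
    """Check first-party signatures first, then apply the sender's policy."""
    author = from_domain(from_header)
    # Stable sort: first-party signatures move to the front.
    ordered = sorted(sigs, key=lambda s: not is_first_party(s, author))
    for s in ordered:
        if not s.valid:
            continue
        if is_first_party(s, author):
            return ("pass", s.domain)
        if third_party_allowed:
            return ("pass-third-party", s.domain)
    return ("no-acceptable-signature", None)

# Constructed sample: a third-party signature appears before the author's own.
FROM = "Alice <alice@example.com>"
BOTH = [Sig("bulk-mailer.example.net", True), Sig("example.com", True)]
# Constructed sample: only a third-party signature verifies.
THIRD_ONLY = [Sig("bulk-mailer.example.net", True), Sig("example.com", False)]

if __name__ == "__main__":
    print(first_valid(BOTH), evaluate(FROM, BOTH, False))
    print(first_valid(THIRD_ONLY), evaluate(FROM, THIRD_ONLY, False))
```

In the second sample the "one good signature" rule reports a good message on the strength of a third-party domain, while the ordered check returns no acceptable signature when the policy flag disallows third-party signing.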

_______________________________________________
NOTE WELL: This list operates according to 
http://dkim.org/ietf-list-rules.html