On Jul 13, 2006, at 3:26 PM, Tony Hansen wrote:
I'm saying that
if there are Resent-* headers representing identity, they should
be signed
We should be agnostic to the debate. If the MUA uses them, support
them.
If the MUA does NOT use them, we don't.
Agreed. It is still to be seen what will be practical. Message
annotation proactively protecting recipients without suffering a
discovery process climbing label trees looking for a possible policy
confirmation that may, in the end say little, if anything, about what
mail is acceptable. Spammers can adopt policy record requirements
and thus this requirement will offer little in the way of protection
from abusive email, especially when email-address recognition is not
assumed. DKIM without some type of annotation is already prone to
Microsoft X-Message headers, as well as notations related to the
Sender header. That involves just one of hundreds of MUAs. Once MUA
developers incorporate information confirmed by DKIM sans policy,
substantial protections can be achieved by comparing signing domains
against information collected in Address Books, or correspondence lists.
-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html