On Jul 26, 2006, at 4:25 PM, Steve Atkins wrote:
> On Jul 26, 2006, at 12:58 PM, Hallam-Baker, Phillip wrote:
>> That is not true.
>>
>> "I sign everything" will still result in messages that have failed
>> sigs due to mailing lists and such.
>>
>> "I send nothing" is much more categorical. The data can go straight
>> to the bit bucket.
>
> But surely if you assert "I sign everything" then any mail that is
> unsigned (where "signature corrupted by mailing list" is identical
> to unsigned) should go straight to the bitbucket.

No. Invalid signatures are to be ignored. In the case of a mailing
list, an invalid signature may be common for many years. Only when
there is an assertion that mail is never sent, can mail be outright
rejected, however scant.

> Or are you suggesting that an email from a sender who "signs
> everything" that arrives with an invalid signature should be
> treated as valid? If so, DKIM+SSP is worthless. If not, then the
> two assertions are identical in result.

The real value would be found including Designated Signing Domain
Lists as part of the policy. Annotations that an email-address is
associated with the signing domain could provide value from an
assurance standpoint.

-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html