On Jul 26, 2006, at 5:06 PM, Steve Atkins wrote:
> On Jul 26, 2006, at 5:01 PM, Douglas Otis wrote:
>> No. Invalid signatures are to be ignored. In the case of a
>> mailing list, an invalid signature may be common for many years.
>> Only when there is an assertion that mail is never sent, can mail
>> be outright rejected, however scant.
>
> If a sender asserts that all mail is signed, and you receive mail
> purporting to be from that sender that isn't signed, are you
> suggesting that it should be delivered anyway? If so, what's the
> point of the sender asserting that all legitimate mail from them is
> signed?

Not exactly. Although an invalid signature purporting to be from one
of the required domains could easily be added by a bad-actor, a valid
signature might also become invalid due to improper handling.

Policy indicates initial conditions, such as what domains will sign
the message. When the list is closed-ended, this indicates there is
a limited set of signatures associated with the OA. When the list is
open-ended, the OA may have been signed by an unknown signer, may not
have been signed, or may have had a signature damaged.

In the case where the list is closed-ended and the signature is
invalid, unless there are mitigating reasons, the message may be
refused depending upon DKIM's track record for signature failure.
Policy does not dictate what gets rejected, only what the sender
indicates as the initial conditions.

-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html