On Wed, Jul 26, 2006 at 05:06:09PM -0700, Steve Atkins allegedly wrote:
No. Invalid signatures are to be ignored. In the case of a
mailing list, an invalid signature may be common for many years.
Only when there is an assertion that mail is never sent, can mail
be outright rejected, however scant.
If a sender asserts that all mail is signed, and you receive mail
purporting to be from that sender that isn't signed, are you
suggesting that it should be delivered anyway? If so, what's the
point of the sender asserting that all legitimate mail from them is
signed?
+1
If a verifier ignores the "I sign everything" policy then they are
just as likely to ignore the "I send nothing" bit, where-ever that bit
may live.
There is a non-minor matter. Which "I" is not sending? From:, Sender:,
2821.MailFrom? All of the above?
Avoiding a re-dredge of that schizophrenia is going to be *quite* the
challenge.
Mark.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html