John L wrote:
It may well be true that you only sign third party mail, but I still
don't understand what use a recipient might make of that information.
If they get unwanted mail from someone and you've signed it, they'll
complain to you regardless.
A recipient will then have a valid party to complain to which is better
than blocking a domain that has been spoofed.
I still don't understand the scenario. Let's call the domain isp.com.
Is it:
A) No mail has an isp.com From: address, but mail with other From:
addresses may have an isp.com signature.
Consider what I believe Y! does in their MUA: if it's got a valid
signature from isp.com
with a From: foo(_at_)customer(_dot_)com, it doesn't get a nice little message
saying that Y!
believe it came from customer.com. Thus the outsourced mail will not be
treated on
a par with mail signed on behalf of the domain.
That's something.
Mike
B) Mail goes out with From: addresses at isp.com, but none of it is
signed. Mail with other From: addresses may have an isp.com signature.
C) something else.
Scenario A is "we send no mail," with the possibility of third party
signatures on other mail being irrelevant. Like I said, if you sign
it, you'll get the complaints no matter what your SSP says.
Scenario B is technically possible but makes no sense. If you have the
ability to sign mail, why wouldn't you sign your own?
What am I missing here?
R's,
John
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html