Damon wrote:
I was having this discussion with someone off-list but...
Where I live, I am serviced by only one ISP. I get a discount by
having my services (business, home, cell, internet, etc) bundled by
this one provider and they sign all my messages. Choosing another
provider etc. may not be financially agreeable. I also know that
there are spammers or bots on this provider that take enjoyment out
of using my name. So I want to say- Trust my signature but expressly
distrust my providers signature if not also signed by me. Both
messages, mine and the spammers are genuine and unchanged, signed by
my provider, but only my signed messages are valid.
I see this as a feature.
I think this reduces down to the 1st party scenario: you sign your mail,
and it may in transit collect some other signatures (your ISP). So long as
you have a policy which is, say, "I sign everything", the addition of other
signatures shouldn't cause any trouble -- the policy is about the 1st party,
not the third party.
There has been suggestion in the past of the desire for a policy for "I sign
everything, don't accept a message with *any* third party signatures". I've
yet to see why anybody would want to set such a policy in real life though.
Mike
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html