If I have a domain that my ISP is my MTA then my ISP is my SPF.
In this case, if the message is signed, it is truly specific to me.
And I disagree with the breaking of forwarding...
User A sends a message from the home office in Walla Walla. It is signed by
the home office's MTA and also by the ISP's MTA and is delivered to User B's
MTA. B's MTA checks the DKIM record which shows that I aways sign messages
coming from MTA A's ISP's IP. (or you can take A's ISP out of the mix)-
Works great.
User A then travels to Pasadena and forwards a signed message from the
Holiday Inn. Since the signature is in the header, it is assumed that it is
signed and B's MTA will still check the signature and it will still be good.
Regardless of whether Holiday Inn's MTA also signed the message.
User A then sends a new message from Holiday Inn to user B whose MTA checks
the DNS record which shows that only messages from user A's IP range *must*
be signed. Since it does not all within this range. The message will still
be good.
Regards,
Damon
On 8/2/06, wayne <wayne(_at_)schlitt(_dot_)net> wrote:
In <62146370608020847v2d1e25aak692ab8d1e4711bc3(_at_)mail(_dot_)gmail(_dot_)com>
Damon <
deepvoice(_at_)gmail(_dot_)com> writes:
> Such as "I always sign mail from servers on my SPF record or CIDR(s)"
For me, one of the big advantages of DKIM/DK is that it doesn't break
(as often) on forwarding, which complements SPF which doesn't break
(as often) on mailing lists.
Maybe I'm missing something, but I'm not sure that specifying the
source MTA that signs stuff has any real advantage over just using
SPF.
-wayne
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html