On 2006-08-08 10:31, Scott Kitterman wrote:
If there is a reasonable way to do it, it might be useful for receivers to
be able to get a hint before going to DATA if the message is going to be
DKIM signed. I can envision looking for such a hint when evaluating a
message from an IP address listed in an RBL and perhaps going to DATA to
look for the promised signature.
This would break on forwarding -- so the positive ("yes, I signed this
message") is good, but the negative ("no, I don't sign") can't be
trusted without knowing a whole lot more about the sending site's
technical configuration and/or business practices.
Plus, spammers could easily start using this same technique to try to
bypass envelope security in hopes of then fooling DATA filters.
I can see some potential for this to make signing more attractive to small
senders who are more likely to be blocked due to RBLs. It may be
attractive to receivers as a way to reduce false positives from spam
filtering techniques used on the envelope.
Sounds like false hope to me; as a big receiver, I can't imagine that
I'd ever want to blindly trust assertions made by an unknown sender.
--
J.D. Falk, Anti-Spam Product Manager
Yahoo! Communications Platform Team
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html