Scott Kitterman wrote:
For the munger/non-munger approach, how would then domain
owner know if it's users sent to mungers or not? I don't
see how that's possible.
When I read this article I thought it's something like this:
"All my mails are normally signed by me. But I participate
in mailing lists, for mails from known lists my signature
can be broken (invalid / removed / whatever)."
It's then up to the receiver to define "known lists" somehow.
A relaxed "I sign all", stronger than "sometimes", because
reasons for a broken / missing signature should be "obvious"
for receivers. We've to ask Wayne if that's what he had in
mind.
For I know I don't sign, is there a special action a receiver
can take if they get a message with a signature
They can reject it as not plausible without checking. Either
an error on the site of the sender, or an emergency, one of the
odd cases discussed in the "threats" RFC.
(maybe claranet started signing and you missed the message)?
I'd hope they publish an SSP in that case, it's quite possible
that I missed this... :-)
If not, do we need to include it?
So far I'd like this better than a "null" policy meaning only
"you found it, and it's empty". Admittedly this smells a bit
like "URI squatting" / "opt-out".
Frank
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html