No it doesn't.

If a mail has a valid signature the policy record does not need to be read at
all.

If you say that 'I sign no mail' and you do sign a mail this does not force
someone to ignore the signature as you suggest. If you sign no mail and say 'I
sign some mail' the precise same result is achieved as if you said 'I sign no
mail'.

There is no distinction here. The only policy that is useful to a recipient is
one that allows them to make deductions from the ABSENCE of a signature. The
only policy that does that is I sign ALL mail.

-----Original Message-----
From: Thomas A. Fine [mailto:fine(_at_)head(_dot_)cfa(_dot_)harvard(_dot_)edu]
Sent: Thursday, September 07, 2006 10:48 AM
To: Hallam-Baker, Phillip; ietf-dkim(_at_)mipassoc(_dot_)org
Subject: RE: [ietf-dkim] user level ssp
Hallam-Baker, Phillip wrote:
What is the difference on the recipient side between 'I sign no mail'
and 'I sign some mail'?
Well, in terms of receiving and validating email, then such a
policy would mean that if signed mail is received AND the
domain is marked as trusted then no spam filtering is
required for that email. Messages without signatures can
still be accepted, after traditional spam filtering.
Whereas, "I sign no mail" means that it ALL has to go through
a traditional spam filter. One could make an argument that
such a policy would mean that any SIGNED mail from this
domain can be immediately dropped as invalid. In fact, one
could even argue that this is the only reason to have such a
policy, as it is the only way it could be different from a
nonexistent policy.
And "I sign all mail" means that unsigned mail can be
instantly dropped.
This, from a verification point of view is the ideal
situation, and somewhere down the road, this will essentially
be the only policy.
So there is a subtle difference at verification time. But I
fully agree that I don't expect anyone to use the
half-and-half policy, because it fails to protect the domain
or its reputation. From the point of view of a mail forger,
there really is no difference, this domain is still just as
ripe for the picking.
tom
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
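
The two readings of the three policy statements in this thread, modelled side by side as an added example that is not part of either message: it groups the policies a recipient cannot tell apart under each reading and lists the cells where the readings differ. The policy labels and action names are hypothetical (not SSP record syntax), the signing domain is assumed to be trusted, and "deduction from absence" is mapped to the quoted message's "drop".

```python
from itertools import product

# Hypothetical labels for the three statements debated in the thread
# (not SSP record syntax) and for the two signature outcomes considered.
POLICIES = ("signs_no_mail", "signs_some_mail", "signs_all_mail")
STATES = ("valid", "absent")

def reply_reading(policy, state):
    """Reading in the reply: a valid signature is judged without the policy."""
    if state == "valid":
        return "skip_filter"          # assumed: signer is a trusted domain
    # Only "signs all mail" supports a deduction from a missing signature.
    return "drop" if policy == "signs_all_mail" else "filter"

def quoted_reading(policy, state):
    """Reading in the quoted message, including its 'one could argue' branch."""
    if policy == "signs_no_mail":
        return "drop" if state == "valid" else "filter"
    if policy == "signs_some_mail":
        return "skip_filter" if state == "valid" else "filter"
    # signs_all_mail: treatment of signed mail is assumed, unsigned is dropped.
    return "skip_filter" if state == "valid" else "drop"

def policy_classes(reading):
    """Group policies a recipient cannot tell apart under one reading."""
    classes = {}
    for policy in POLICIES:
        key = tuple(reading(policy, s) for s in STATES)
        classes.setdefault(key, []).append(policy)
    return sorted(classes.values())

def disagreements():
    """(policy, state) cells where the two readings give different actions."""
    return [(p, s) for p, s in product(POLICIES, STATES)
            if reply_reading(p, s) != quoted_reading(p, s)]

if __name__ == "__main__":
    print("reply :", policy_classes(reply_reading))
    print("quoted:", policy_classes(quoted_reading))
    print("differ:", disagreements())
```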