In <20060909171917(_dot_)40437(_dot_)qmail(_at_)simone(_dot_)iecc(_dot_)com>
John Levine <johnl(_at_)iecc(_dot_)com> writes:
1 - All mail from this domain is signed (valid).
3 - This domain sends no mail (effectively equivalent to [1]).
I don't think these two are equivalent.
Sigh. Please provide an operational example where a reciever would
treat mail differently. To help things along, here are the cases:
Sigh. Please read the email you were responding to. I already gave
the answer:
: For the receiver, it
: is much safer to reject email that has an 2822.From: coming from a
: domain that says that they send no email than it is for the much more
: generic case of "I sign all email".
a) Unsigned message from domain arrives. Since there is no valid
signature, there is no relevant key record in the DNS.
Straightforward case analysis:
1-a: throw message away, it's forged
No, don't throw it away because the lack of a valid signature may well
be due to minor and innocent changes made during transmission.
3-a: throw message away, it's forged
Yeah, go ahead and throw it away.
Again, as I said in the post you responded to, this is all about
weighing the risks. Sure, for some receivers, the differing risks are
irrelevant and it is ok to treat them the same, for others, that is
not the case.
Geez, and I thought you were all hot on not dictating receiver policy.
-wayne
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html