ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] user level ssp

2006-09-09 12:02:10
In <20060909140903(_dot_)E8B49BC0BC(_at_)spike(_dot_)porcupine(_dot_)org> 
wietse(_at_)porcupine(_dot_)org (Wietse Venema) writes:

1 - All mail from this domain is signed (valid).

3 - This domain sends no mail (effectively equivalent to [1]).

I don't think these two are equivalent.

Again, 3) says what the sender does or not do.  For the receiver, it
is much safer to reject email that has an 2822.From: coming from a
domain that says that they send no email than it is for the much more
generic case of "I sign all email".   This is very similar to being
much safer to reject email from the 2821.MAILFROM or 2821.HELO that
has an SPF record of "v=spf1 -all".  And, note that the DKIM SSP and
the SPF records cover different identities, there is value in having
both.


-wayne
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html