wayne:
1) I always sign, but I also know that I send email through relays that
will break the signature.
This is an assertion about the sender. As such, it is valid within
the context of a sender signing policy.
1) I always sign, but I also know that I send email through relays
that will break the signature. If you, as a receiver, reject
legitimate email due to broken/missing signatures, it is your fault
and I'll place the blame on you.
This is an assertion about recipient actions and their consequences.
There is a mistaken perception that that senders have control over
how recipients handle email (whether spoofed or not). A sensible
sender signing policy is limited to assertions about sender actions.
For amusement value, below is my take on some signing policies:
after the first two, everything is either redundant, invalid, or
inconsistent.
Wietse
0 - No policy (status quo).
1 - All mail from this domain is signed (valid).
2 - Some mail from this domain is signed (equivalent to [0]).
3 - This domain sends no mail (effectively equivalent to [1]).
4 - No-one else can sign my mail (invalid, it attempts to control
recipient behavior where the recipient is, for example, a
mailing list, or a user at a DKIM-signing ISP who bounces an
email message to another site).
5 - Mail from this domain is never signed (inconsistent, it implies
that a valid signature is invalid; and invalid, as per [4]).
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html