It may well be unenforcable. If I send an email directly to
stephen(_dot_)farrell(_at_)cs(_dot_)tcd(_dot_)ie signed and with the SSP record
of
"I sign all email, and do NOT permit email through any body or
signature altering gateways"
I will open a session on port 25 at mx.cs.tcd.ie and hope that the
receiving mta does not add its own sig to the message before depositing
it to the inbox. Local rules might require the additional sig to ensure
that the inbox only gets mail from the edge mta. Now if Stephen is using
one of Doug's dkim aware MUA's that "see's" 2 signatures where only one
should be might flag the message with a red warning "suspicious mail
lies here" or inform Stephen that the message was deleted because the
SSP didn't match.
Thanks,
Bill Oxley
Messaging Engineer
Cox Communications, Inc.
Alpharetta GA
404-847-6397
bill(_dot_)oxley(_at_)cox(_dot_)com
-----Original Message-----
From: ietf-dkim-bounces(_at_)mipassoc(_dot_)org
[mailto:ietf-dkim-bounces(_at_)mipassoc(_dot_)org] On Behalf Of Stephen Farrell
Sent: Monday, September 11, 2006 3:11 PM
To: Thomas A. Fine
Cc: ietf-dkim(_at_)mipassoc(_dot_)org
Subject: Re: [ietf-dkim] SSP and mailing lists
Hi Thomas,
This isn't really directed at you, but I've wondered each time
someone has said something like:
Thomas A. Fine wrote:
"I sign all email, and do NOT permit email through any body or
signature altering gateways"
I've no idea how a sending domain could enforce the "do NOT permit"
there. Neither in practice, nor in principle. Does anyone? (This may
just be my own ignorance of course, I don't claim to be a mail
expert.)
If its unenforceable, then I don't see why anyone would bother making
the statement.
Stephen.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html