ietf-dkim
[Top] [All Lists]

[ietf-dkim] "I sign everything" yes/no

2006-11-21 16:07:09
Imagine, if you will, that I'm a big ISP with lots and lots and lots of consumer type end users who prefer to stay clueless about the intricacies of e-mail.

A message comes in which claims to be from the First Amalgamated Bank of Example. An entirely separate, unrelated mechanism has already told me that example.com really is the domain name used by the First Amalgamated Bank of Example, and that they're a real bank with tellers and vaults and bulletproof glass and all that fun stuff.

But this message isn't signed (and/or the signature is invalid, which base says is the same thing.) How do I find out whether or not the First Amalgamated Bank of Example thinks that they sign all of their messages? That should be a simple, binary operation, right? I really don't care about anything else the sender may want to assert.

Should that be in SSP? Should it be in something else? Should I encourage all of the banks to use a non-standardized external mechanism while y'all argue?

--
J.D. Falk, Anti-Spam Product Manager
Yahoo! Product Platform Group
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html