J.D. Falk wrote:
> But this message isn't signed (and/or the signature is invalid, which
> base says is the same thing.) How do I find out whether or not the
> First Amalgamated Bank of Example thinks that they sign all of their
> messages? That should be a simple, binary operation, right? I really
> don't care about anything else the sender may want to assert.

Your premise is that you will find it useful to know that First Amalgamated
purports to sign everything. Let's ignore what you will do with that
information; it's your business not ours (and possibly not even First
Amalgamated's.)

The next question is whether there is a rough consensus of folks, here, who
agree with the desire to know this information.

I will ask for one clarification: What do you mean "I really don't care about
anything else the sender may want to assert"? Certainly only the sender -- if,
by sender, you mean FirstAm -- is the only one that can claim that they sign
everything.

> Should that be in SSP? Should it be in something else? Should I
> encourage all of the banks to use a non-standardized external mechanism
> while y'all argue?

Discussion, here, has been about having an SSP flag that lets a potential signer
say "I sign all my mail and my signature matches the rfc2822.From (or maybe
rfc2822.Sender) field domain name."

Would this satisfy the requirement you are offering?

d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net