ietf-dkim

Re: [ietf-dkim] Re: Role of Sender header as signing domain

2006-12-07 14:06:52
One really wants to be able to trust something.  As it currently
stands, allowing any bad actor an ability to replay any message
from a "white-listed" domain prevents trust from ever being
established.  Trust MUST be protected as an ssp-requirement.  Trust
requires an ability to associate the SMTP client, the MailFrom, and
other email-address domains within other headers with that of the
signing-domain.  DKIM MUST be able to protect trust that might be
established from abuse.   These associations as an ssp-requirement
provide this protection.

-Doug


Section 1.1
DKIM separates the question of the identity of the signer of the
  message from the purported author of the message.  In particular, a
  signature includes the identity of the signer.  Verifiers can use the
  signing information to decide how they want to process the message.
  The signing identity is included as part of the signature header
  field.

In this case, wouldn't it be better to say:

DKIM separates the question of the identity of the signer of the
  message from the purported author of the message. In particular, a
  signature includes the identity of the signer which can be traced to a
  specific author or first party signer.  Verifiers can use the signing
  information to decide how they want to process the message based on the
  reputation of the author. The signing identity is included as part of the
  signature header field.

Regards,
Damon Sauer
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
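
An added illustration, not part of either message above and not taken from the DKIM or SSP drafts: a receiver-side check that reports which identities (envelope MailFrom, From, Sender) share a domain with the `d=` signing domain, the kind of association the reply asks for. It does not verify the signature itself; the function names, the `mail_from` parameter, the sample message and the choice to count subdomains as associated are all assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; domains and signature values are made up.
SAMPLE = """\
DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel1;
 h=from:sender:subject; bh=PLACEHOLDER; b=PLACEHOLDER
From: Alice <alice@example.com>
Sender: list-bounces@lists.example.net
Subject: hello

body
"""

def dkim_tags(value):
    """Split a DKIM-Signature header value into its tag=value pairs."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            tags[name.strip()] = "".join(val.split())  # drop folding whitespace
    return tags

def domain_of(address):
    """Return the lowercased domain of an address, or None if there is none."""
    addr = parseaddr(address or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else None

def associated(domain, signer):
    """Assumed rule: same domain as the signer, or a subdomain of it."""
    return domain is not None and (domain == signer or domain.endswith("." + signer))

def associations(raw_message, mail_from):
    """Map MailFrom, From and Sender to whether each domain is associated
    with the d= signing domain. Returns None for an unsigned message."""
    msg = message_from_string(raw_message)
    signer = dkim_tags(msg["DKIM-Signature"] or "").get("d", "").lower()
    if not signer:
        return None
    ids = {"MailFrom": mail_from, "From": msg["From"], "Sender": msg["Sender"]}
    return {name: associated(domain_of(v), signer) for name, v in ids.items()}
```

On the sample, the Sender domain is the only identity not associated with the signer, which is the situation a replayed or relayed signed message would present to a verifier.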