Douglas Otis wrote:
I'm sorry. What section in the DKIM specification does it say it
"requires the MUA to verify signatures"?
The DKIM specification does not indicate how protective benefits are
derived. It surely does not say the MUA cannot verify signatures.
DKIM use at the MUA has an advantage over SPF that must often depend
upon Received headers including the optional IP address of the SMTP client.
Whatever, it does not say DKIM "requires the MUA to verify signatures."
Blocking at the MTA cannot offer adequate protection.
What's wrong with expecting this is not a highly probable event?
Because bad actors adapt, where you might then detect a few percent
of lazy ones, as with SPF.
Who's talking about SPF?
Blocking via policy definitely does _not_ offer much in the way of
protection, but will require a significant level of support
explaining why various messages are being rejected.
It will?
- A domain does not expect mail. Pretty good protection
- A domain requires mail to be signed. Pretty good protection
Only when message originators are recognized and verified by the MUA,
Nope, once again, MUAs are not required. I can do the above easily at the
MDA.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html