ietf-dkim

Re: MX dot was (Re: [ietf-dkim] TXT wildcards SSP issues

2007-06-06 07:13:40
Damon,

You're right. I meant the NO-MAIL policy in my paragraph below.  To me,
the fundamental "natural laws" for DKIM or any SIGNING concept are:

   - I ALWAYS SIGN THIS DOMAIN

   - I NEVER SIGN THIS DOMAIN

   - SIGNED OR NOT SIGNED, DO NOT EXPECT MAIL FROM THIS DOMAIN -
     WE DON'T USE THIS DOMAIN FOR EMAIL. PERIOD.

   - NO ONE BUT MY DOMAIN SIGNS (no 3rd parties)

   - OTHERS CAN SIGN (Preferably from an authorized list)

It really has nothing to do with the validity of the signature.  The
mere fact that one of the above may conflict with the domain
expectations is a protocol violation in itself.

And what is very important, which is what DSAP was all about, is that
they can all easily happen naturally in practice, directly and
indirectly - hence a security issue.

--
Sincerely

Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com

Agreed. We are on the same page.
However, does "I sign no mail" mean "I send no mail"?
I don't think it does, but I think this is a source of confusion
because I have seen the terms mixed several times.

Regards,
Damon Sauer
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
