John Levine wrote:
> Trying to forbid random other third party signatures is, as I expect
> you'd agree, just silly.

John,

This falsely assumes the long held *User Expectations* governed and
protected by the 1986 US ECPA is no longer valid for direct private 1 to
1 email communications.

It advocates the idea that some random unknown router(s) outside the
administrative domains on both ends has the god-given right not only to
destroy mail integrity and to misrepresent a domain without
prejudice, but also, in a new DKIM era, to be able to assert a 3rd party
digital signature on behalf of the message owner and domain, where it has
no business doing so in the first place.

What is odd, even if it was a silly idea, is why the uncompromising
stubbornness in not allowing even the OPTION for the domain to
define its own destiny in not expecting mail tampering and false
representation in some random router between end points.

You are not even allowing the industry to live and learn if protection
against this obvious security threat is helpful or not. I believe it
will be proven to be helpful. It certainly isn't going to hurt anyone.
The worst case is certain domains might quickly find out the "policy"
doesn't work for them and they simply turn it off.

Stop being so darn stubborn.

--
Sincerely
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html