I'm a bit confused here (sorry, I'm new on the list and I have not read ADSP in
full).
Should we not query the DNS every time, to check that this domain will sign
every message as policy and that a non-signed message is therefore invalid?
In the case of the eBay announcement that all messages will have a DKIM
signature, how do you implement this verification at the receiving MTA level?
----- Original Message -----
From: "Murray S. Kucherawy" <msk(_at_)sendmail(_dot_)com>
To: "Hector Santos" <hsantos(_at_)santronics(_dot_)com>
Cc: ietf-dkim(_at_)mipassoc(_dot_)org
Sent: Friday, 20 February, 2009 10:01:08 AM (GMT+1200) Auto-Detected
Subject: Re: [ietf-dkim] NO DKIM "POLICY"
On Thu, 19 Feb 2009, Hector Santos wrote:
> What is the current recommended method to establish or expose that a
> DOMAIN should not be signed, is not expected to be signed and that any
> DKIM supportive receiver seeing a message with a signature from a
> purported domain should be rejected with full confidence?
> Will a NULL public key do the trick?
At the moment ADSP doesn't have such a mechanism. It could (and used to)
but then one issue is that you always have to query for such a record
instead of only querying when there's no valid author domain signature.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
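
The receiver-side flow discussed in this thread, as an added example that is not part of either message: the ADSP record (`_adsp._domainkey.<author domain>`, RFC 5617 syntax) is looked up only when no valid signature from the author domain was found. The `ADSP_TXT` table standing in for DNS, the `.example` domains and the verdict labels are constructed for illustration, and DKIM verification itself is assumed to have already produced the list of verified `d=` domains.

```python
import re

# Constructed stand-in for DNS TXT lookups (names and records are made up).
ADSP_TXT = {
    "_adsp._domainkey.signs-all.example": "dkim=all",
    "_adsp._domainkey.strict.example": "dkim=discardable",
    "_adsp._domainkey.relaxed.example": "dkim=unknown",
}

def adsp_practice(author_domain, txt_lookup=ADSP_TXT.get):
    """Return the published signing practice: 'all', 'discardable' or 'unknown'."""
    record = txt_lookup("_adsp._domainkey." + author_domain.lower())
    if record is None:
        return "unknown"  # nothing published for this domain
    # RFC 5617: the record must start with the lowercase tag "dkim".
    m = re.match(r"dkim[ \t]*=[ \t]*([A-Za-z-]+)[ \t]*(;|$)", record)
    value = m.group(1).lower() if m else ""
    # Unrecognised values are treated as "unknown".
    return value if value in ("all", "discardable") else "unknown"

def evaluate(author_domain, verified_d_domains, txt_lookup=ADSP_TXT.get):
    """Return (verdict, dns_queried) for one message.

    author_domain: domain of the From: address.
    verified_d_domains: d= values of the DKIM signatures that verified.
    Verdict labels are hypothetical, chosen for this example.
    """
    author = author_domain.lower()
    # An author domain signature is a valid signature whose d= equals the
    # author domain (case-insensitive); with one present, no ADSP query is made.
    if any(d.lower() == author for d in verified_d_domains):
        return ("author-signed", False)
    practice = adsp_practice(author, txt_lookup)
    verdict = {"all": "suspicious", "discardable": "discard"}.get(practice, "no-policy")
    return (verdict, True)

if __name__ == "__main__":
    print(evaluate("signs-all.example", ["signs-all.example"]))
    print(evaluate("signs-all.example", []))
    print(evaluate("strict.example", ["esp.example"]))
    print(evaluate("nopolicy.example", []))
```

A valid signature from a different domain (`esp.example` above) does not count as an author domain signature, so the policy lookup still happens for that message.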