Rolf E. Sonneveld wrote:
... if they can do so, you accept the entire email.
In either case you accept the entire email,
Not necessarily. Many if not most Edge ADMD MTA's perform all sorts of
actions after the MAIL FROM phase and before the DATA phase. Think of
greylisting, call back verification, use of RHSBL, use of local BL and
WL's, etc. etc.
I was just at a session at an industry trade association where the question of
doing DKIM during SMTP came up. There were operations folk who very much liked
the idea of being able to obtain some DKIM benefit during the SMTP session,
before the dot...
No one suggested modifying SMTP or DKIM specifications.
What /was/ discussed was the possibility of doing a signature that would
validate before DATA. This merely requires a signature that does not cover the
body.
I can't say that anyone sounded hugely enthusiastic about this, but given that
there was interest in SMTP-time benefit, I think they just needed to think
about
this more.
Having two signatures, with one covering the body and relevant parts of the
message header, and the other only covering the header, strike me as a
plausible
use of DKIM, worth considering. I've no idea whether it would provide any or
enough value-add. However it is only a stylized use of the existing standard,
and so the cost of experimenting with it is reasonable.
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html