John Levine:
There's a strong correlation between badly structured emails (SMTP,
MIME, HTML) and email that the recipient doesn't want to see.
You're right, but I think that's largely orthogonal to DKIM. If a
message has a good signature from a credible signer, I expect I'd want
to show it to the user even if it had structure problems. I'd like to
make the trust model as simple as possible, preferably
good signature -> good message
I agree with John's earlier message that to make DKIM useful for
automated whitelisting, we end up with something slightly more
complicated:
valid signature + good signer
+ no suspicious unsigned content -> good message
My preference would be to enforce this within the existing protocol
(that is: send h=from:from:subject:subject...), but I could live
with hard-coded checks for unsigned single-instance RFC 5322 and
MIME headers (that is: no DKIM PASS for unsigned "extra" From,
Subject, MIME-Version, Content-type, etc. headers).
Wietse
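
The hard-coded check described in the message above, sketched as an added example (not code from the thread or from any DKIM implementation). It assumes the signature itself is verified elsewhere, that the message carries one DKIM-Signature, and that any instance of a listed header not covered by h= counts as unsigned; the header list and the sample messages are constructed for illustration.

```python
from collections import Counter
from email import message_from_string

# Headers that RFC 5322 / MIME allow at most once (illustrative subset, an assumption).
SINGLE_INSTANCE = {"from", "subject", "date", "to", "cc", "reply-to", "sender",
                   "message-id", "mime-version", "content-type",
                   "content-transfer-encoding"}

def parse_h_tag(dkim_value):
    """Return the lowercased header names listed in the signature's h= tag."""
    for tag in dkim_value.split(";"):
        name, _, value = tag.partition("=")
        if name.strip() == "h":
            return [h.strip().lower() for h in value.split(":") if h.strip()]
    return []

def unsigned_extras(raw_message):
    """Map header name -> count of instances present but not covered by h=.

    Each occurrence of a name in h= covers one instance of that header, so
    h=from:from covers the real From and signs the absence of a second one.
    """
    msg = message_from_string(raw_message)
    signed = Counter(parse_h_tag(msg.get("DKIM-Signature", "")))
    present = Counter(k.lower() for k in msg.keys())
    return {h: present[h] - signed[h]
            for h in SINGLE_INSTANCE if present[h] > signed[h]}

# Constructed sample: h= lists From once, a second From was prepended in transit.
# The signature still verifies, so only this check catches the extra header.
SAMPLE_EXTRA_FROM = (
    "DKIM-Signature: v=1; d=example.com; s=sel; h=from:subject; bh=PLACEHOLDER; b=PLACEHOLDER\n"
    "From: someone-else@other.example\n"
    "From: alice@example.com\n"
    "Subject: hello\n\nbody\n")

# Constructed sample: signer used h=from:from:subject:subject. Nothing is left
# uncovered, and an added From or Subject would break the signature itself.
SAMPLE_OVERSIGNED = (
    "DKIM-Signature: v=1; d=example.com; s=sel; h=from:from:subject:subject; bh=PLACEHOLDER; b=PLACEHOLDER\n"
    "From: alice@example.com\n"
    "Subject: hello\n\nbody\n")

if __name__ == "__main__":
    for label, raw in (("extra From", SAMPLE_EXTRA_FROM), ("oversigned", SAMPLE_OVERSIGNED)):
        extras = unsigned_extras(raw)
        print(label, "-> withhold DKIM PASS" if extras else "-> ok", extras)
```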