John R. Levine wrote:
I have lots of mailboxes internally that have mail shoveled to them
based on From:. If the mail is from a source that I trust, "i=" would
be just as useful that way.
We all filter on From:. If you know the domain is well-behaved, what's
the point of using i= rather than From: ?
+1
I'm not trying to be perverse, but this feels a lot like an
answer looking for a question.
example.com, which has a good reputation or is whitelisted, can be
further vetted using "i=" since I implicitly trust it's being used
properly.
Again, I have trouble reading this as other than human shields. If
example.com is mostly OK, why should it be anyone else's job to sort out
the stuff that's not OK?
Isn't that a conflict?
If the other stuff is not ok, then we have invalid signatures which
are not candidates for the proposed DKIM reputation assessment model.
Lets keep in mind the origins for its usage when POLICY was still
focused WG interest and it applied to dealing with all signature
violations, including a conceivable fraud attempt in masking i=.
But with reputation being the key focus now, because i= would already
have a verifiable relationship with the d= value, I see less value in
passing this to the engine unless it is something that reflects the
5322.From address and even then, the 5322.From is also hash bound
signature requirement.
So with a reputation mindset only, I can only see i= useful for
logging or tracing.
--
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html