Murray S. Kucherawy wrote:
-----Original Message-----
What this tells me is: Ignoring ADSP, if a domain sometimes signs its
mail, then mail from it (signed or not) is usually not spam. From this I
suspect we could conclude that a missing signature doesn't tell us much
of anything.
And it would be an incorrect conclusion. This shows a lack of
understanding of policy concepts.
Look, I can clearly say right now, that 100%, not 99.99% of all DKIM
signed mail in my PCN have untrusted SIGNERS even if I known who they
are - they are 100% not vouched. I will venture that the majority DKIM
receivers see a 100% or close to it.
Is that evidence to conclude that the TRUST idea is bad? No.
Now, if I had a local table of TRUSTED signer domains, then I can make
an assertion that an VALID signature from that signer is ok, but if I
see it broken, its going to a classification that is lower than OK.
In the same vain if an Author Domain has a policy says THIS, but you
see THAT, thats a clear policy violations.
Either way, Author or Signer - there is always a policy concept
involved - when you have neither, then we have want we have now which
is pretty much nothing.
--
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html