ietf-smtp

Re: public key BATV isn't useful

2008-05-19 04:19:26

John Levine wrote:
Oh, and one final note. The document talks a bit about defining a
public key BATV scheme but doesn't actually define anything.

Humor me for a moment here.

The idea of a public key BATV is so the system generating the bounce
can check the signature and not even send bogus bounces.  But any
system that is going to DKIM sign its bounce addresses would also be
able to DKIM sign its message bodies, so ADSP discardable already
allows you to declare that everything is signed so don't bounce the
unsigned stuff.  We're talking about DSNs here, not SMTP rejects, so
the system generating the bounce is going to have received the message
already.  This isn't a situation where you might skip the DATA in a
SMTP session.

OTOH mere prvs doesn't even require a standardization, since it can be unilaterally enforced by any admin.

The generic BATV scheme allows different signing styles, e.g. PGP.

Furthermore, Mouss mentioned that the ability to reject a message at the RCPT level has its advantages.
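
The two points in the reply above (prvs needs only a local secret, and a bounce can be refused at RCPT) are shown here as an added example that is not part of the original message or of any BATV implementation. It assumes the `prvs=KDDDSSSSSS=local@domain` layout from the BATV draft (key digit, expiry day modulo 1000, first three bytes of an HMAC-SHA1); the key, the 7-day lifetime, the function names and the SMTP reply texts are constructed for illustration.

```python
import hashlib
import hmac

# Constructed demo secret, indexed by the single key-number digit K (assumption).
KEYS = {0: b"constructed-demo-secret"}
MAX_LIFETIME_DAYS = 7
SECONDS_PER_DAY = 86400


def _tag(k, day, orig_mailfrom):
    """Return K + DDD + hex of the first three HMAC-SHA1 bytes over K, DDD, address."""
    kddd = f"{k}{day:03d}"
    mac = hmac.new(KEYS[k], (kddd + orig_mailfrom.lower()).encode(), hashlib.sha1)
    return kddd + mac.hexdigest()[:6]


def sign(mailfrom, now):
    """Rewrite local@domain to prvs=KDDDSSSSSS=local@domain for outgoing MAIL FROM."""
    expiry = (int(now) // SECONDS_PER_DAY + MAX_LIFETIME_DAYS) % 1000
    return f"prvs={_tag(0, expiry, mailfrom)}={mailfrom}"


def check_bounce_rcpt(rcpt, now):
    """Decide at RCPT TO whether a null-sender (MAIL FROM:<>) message is a real bounce.

    Only the receiving site's own secret is needed, so no other party has to
    understand the tag. Returns (accepted, smtp_reply).
    """
    if not rcpt.lower().startswith("prvs="):
        return False, "550 untagged bounce recipient"
    tag, sep, orig = rcpt[5:].partition("=")
    if not sep or len(tag) != 10 or not tag.isascii() or not tag[:4].isdecimal():
        return False, "550 malformed prvs tag"
    k, day = int(tag[0]), int(tag[1:4])
    if k not in KEYS:
        return False, "550 unknown key number"
    # Constant-time comparison of the recomputed tag with the presented one.
    if not hmac.compare_digest(_tag(k, day, orig), tag.lower()):
        return False, "550 bad prvs signature"
    # Day numbers wrap at 1000, so the remaining lifetime is computed modulo 1000.
    remaining = (day - int(now) // SECONDS_PER_DAY) % 1000
    if remaining > MAX_LIFETIME_DAYS:
        return False, "550 prvs tag expired"
    return True, "250 OK"
```

Because the day counter wraps at 1000, a tag becomes acceptable again roughly 1000 days after it expires unless the key is rotated in the meantime.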