On Thu, 5 Jun 2003, Hallam-Baker, Phillip wrote:
I dispute his conclusion that a failed signature means that the message will
be thrown in the trash. Most filters (and certainly any compliant with the
criteria being discussed) would quarantine mail with a failed S/MIME
signature rather than discard.
Acknowledging and ignoring your other points for this response since I
agree, I think that once a system exists and is reasonably deployed, I
will quickly throw away 'non-signed' mail and non-whiltelisted mail. The
whole point is to get ride of spam, not let me put off evaluating it.
My phone is set to block caller id. Every once in a while, I call someone
who had a phone company option which blocks calls which don't have caller
id. I have to unblock caller id and call again (though recently, I got to
give permission to reveal my phone number interactively).
Frankly, if somone doesn't think what they have to say is important
enough to them to use the proper 'signing' process or perhaps the
responder override, I don't need to hear from them. I've encounted this
process once or twice and it was trivial to reply to the query. Even my
80+ year old aunt and uncle who have been using email for less than 2
years would grok it.
So I will toss or bounce unidentified origin mail. And I can assure you
that 'civilians' I know will do it even faster than I will.
Dave Morris