mail-vet-discuss
[Top] [All Lists]

Re: [mail-vet-discuss] Draft as of 9/4/2007

2007-10-14 10:27:18
John L wrote:
Surely you're not advocating a MUST NOT strip, or even a SHOULD NOT
strip. The third parties can sign after all and then you'd just trust them directly.

Why, yes indeed, I'm advocating SHOULD NOT strip. Surely you haven't forgotten that this is supposed to work with SPF and Sender-ID, where forwarders can't sign without munging the message. Even if the forwarders do sign, that doesn't tell us anything about the status of the message when it arrived at the forwarder which is useful for spam forensics.

Frankly I don't much care because on average I have no clue whether I trust
where it's coming from. And if I trust where it's coming from, I probably trust
them to filter out the nonsense too, so it seems rather pointless.

Trying to expect unauthenticated cross administrative good bits to remain good is pretty crazy if you ask me.

There are cases where they do and cases where they don't, and it's not hard to recognize the ones where they do. Personally, I think it's crazy to break a useful application because a sufficiently inept user might misuse it. If we're going down that path, I have a whole lot more deletions to make.

The sufficiently inept users outnumber us millions to one.

      Mike

_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
<Prev in Thread] Current Thread [Next in Thread>