John L wrote:

Surely you're not advocating a MUST NOT strip, or even a SHOULD NOT
strip. The third parties can sign after all and then you'd just trust
them directly.

Why, yes indeed, I'm advocating SHOULD NOT strip. Surely you haven't
forgotten that this is supposed to work with SPF and Sender-ID, where
forwarders can't sign without munging the message. Even if the
forwarders do sign, that doesn't tell us anything about the status of
the message when it arrived at the forwarder which is useful for spam
forensics.

Frankly I don't much care because on average I have no clue whether I trust
where it's coming from. And if I trust where it's coming from, I probably
trust them to filter out the nonsense too, so it seems rather pointless.

Trying to expect unauthenticated cross administrative good bits to
remain good is pretty crazy if you ask me.

There are cases where they do and cases where they don't, and it's not
hard to recognize the ones where they do. Personally, I think it's
crazy to break a useful application because a sufficiently inept user
might misuse it. If we're going down that path, I have a whole lot
more deletions to make.

The sufficiently inept users outnumber us millions to one.

Mike
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html