spf-discuss

Re: Attacking Domain Keys

2004-11-30 06:17:44

On Nov 30, 2004, at 2:20 AM, Roger Moser wrote:

Stuart wrote:

I have no objection to DK as long as the domains in question also
publish SPF.  There is no significant load to *publish* a DK key.
The extra work is only for verifying a DK key.  If I don't need
rfc2822 forgery protection, then I won't verify DK.  I must say
that if I *did* need 2822 checking, I prefer DK to senderID - since
all that work does provide significant confidence in the authenticity.

All Yahoo mail that directly comes from a Yahoo server has a valid Yahoo DK
signature. So what is the use of checking the signature?

Most probably all Yahoo mail that went through a mailing list has an invalid
Yahoo DK signature. So what is the use of checking the signature?

Not all mail... Only mailing lists that change the message cause this problem -- like this list.

The only case where checking the signature makes sense is forwarded mail from Yahoo and spam. But since there is no guarantee that all forwarders do
not modify the messages, it makes little sense to check the signature.

Forwarders modify the message? If they do, they should certainly claim responsibility over the return path.

// Theo Schlossnagle
// Principal Engineer -- http://www.omniti.com/~jesus/
// OmniTI Computer Consulting, Inc. -- http://www.omniti.com/
// Ecelerity: fastest MTA on Earth

