spf-discuss

Re: Re: op=dkim

2005-06-03 15:15:36

----- Original Message -----
From: "Frank Ellermann" <nobody(_at_)xyzzy(_dot_)claranet(_dot_)de>
Newsgroups: spf.-.sender.policy.framework.discussion
To: <spf-discuss(_at_)v2(_dot_)listbox(_dot_)com>
Sent: Friday, June 03, 2005 4:56 PM
Subject: [spf-discuss] Re: op=dkim


Sure, but see Andy's construct in the spf-considerations-00.txt
"7.2  Use of Other Authentication Schemes":

Frank,

Are you suggesting that once someone submits an independent submission that
comes without review, as in this one you point out, that it becomes
"gospel?"

Anyway, I thought about this.

It would only maybe be useful for a DKIM compliant receiver who would need
to take into account the concept the sender is not SPF ready.  In other
words,  no published SPF domain still means the message needs to be checked
for DKIM.  So the receiver will have a DKIM/NO SPF policy in place.

This is where a consolidated concept or a new generic SMTP framework that
takes into account the idea of multiple TMS <tm> (Transaction Management and
Security) protocols are in place.   I am seriously contemplating finishing
up and publishing a draft called SMTP TMS which looks at how all these
protocols can work together, independent of each other or not at all.  I
just don't know if I can put the commitment in. <g>  Maybe someone would
like to co-author it with me? <hint>

See the recent message in IETF-MAILSIG where I posted a glimpse into the
SMTP TMS proposal.

--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com






| There do exist scenarios where mail administrators do not wish to
| subject their email practices to SPF checks but do wish to offer an
| affirmative acknowledgment of the practice of using SPF.  Such a
| scenario would be email sending domains that wish to rely on other
| authentication schemes, such as cryptographic-based signature
| schemes.

| This is easily accomplished with the exclusive use of the "all"
| mechanism using the pass result.  Such as:
|     v=spf1 +all

Now I'm not saying that this is a good idea, but a policy like
"v=spf1 op=dkim ?all" could actually mean something.

If some stupid spammers start to use bogus DKIM signatures they
would face similar problems as with forging the MAIL FROMs for
SPF FAIL policies.
                            Bye, Frank


-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Read the whitepaper!  http://spf.pobox.com/whitepaper.pdf
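
An added example, not part of either post: Python that shows how a stock SPF checker would read the two policies quoted in the thread, `v=spf1 +all` and `v=spf1 op=dkim ?all`. It relies on the SPF rule that unrecognized modifiers are ignored; the function names `parse_spf` and `receiver_view` are made up for this example, and `op=dkim` is given no meaning because the thread does not define one.

```python
import re

# SPF qualifier characters and the result each yields when its mechanism matches.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
# The only modifiers SPF itself defines; a checker skips any other name=value term.
KNOWN_MODIFIERS = {"redirect", "exp"}
MODIFIER_RE = re.compile(r"^([A-Za-z][A-Za-z0-9._-]*)=(.*)$")


def parse_spf(record):
    """Split an SPF record into (result, mechanism) pairs and a modifier dict."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    mechanisms, modifiers = [], {}
    for term in terms[1:]:
        match = MODIFIER_RE.match(term)
        if match:
            modifiers[match.group(1).lower()] = match.group(2)
            continue
        # A mechanism without an explicit qualifier defaults to "+".
        has_qualifier = term[0] in QUALIFIERS
        qualifier = term[0] if has_qualifier else "+"
        name = term[1:] if has_qualifier else term
        mechanisms.append((QUALIFIERS[qualifier], name.lower()))
    return mechanisms, modifiers


def receiver_view(record):
    """What a stock SPF checker concludes from a record, without DNS lookups."""
    mechanisms, modifiers = parse_spf(record)
    first = mechanisms[0] if mechanisms else None
    # When `all` is the first mechanism it matches every client IP, so the
    # result is identical for any sender. Otherwise it depends on the client.
    blanket = first[0] if first and first[1] == "all" else None
    return {
        "blanket_result": blanket,
        "ignored_modifiers": sorted(set(modifiers) - KNOWN_MODIFIERS),
    }


if __name__ == "__main__":
    # The two policies quoted in the thread.
    for rec in ("v=spf1 +all", "v=spf1 op=dkim ?all"):
        print(rec, "->", receiver_view(rec))
```

A receiver that does not know `op` sees only the blanket result: pass for every sender with `+all`, neutral for every sender with `?all`.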