On Mon, Aug 14, 2006 at 09:04:13AM -0400, Hector Santos wrote:
SPF is for RFC821. DKIM is for RFC822. Mixing the two would be a
mistake.
Correct, But technically we are not mixing the two in this form of analysis.
Do you have 100% trust in SPF-FAIL or SPF-PASS?
Philosophy... Can one have 100% trust in anything?
Not many do. The SPF forwarding problem remains to be its #1 thorn on its
side and the DKIM promoters are using this as its strategic marketing
advantage.
What forwarding problem? If someone decides to send a new letter, and
is using someone else's name, that is forgery, not forwarding-problem.
A good way to explain this is if you got a SPF-FAIL reject, will you fill
100% better if the was also a DKIM-FAILURE with it?
Why would I spend resources (memory, cpu) to compute a sum when I
already know the domain name is used against the express permission
of the domain owner?
What if you got a SPF-PASS? In theory should a DKIM-PASS increase the
trust? Would a DKIM-FAIL lower the trust?
Yes. If the message comes from an authorized source, it is IMHO worth
to do the work for DKIM. If at that time it is clear that the message
is a forgery, not only do you know this but also you know you can inform
the domain owner (because of the SPF-PASS).
But this has nothing to do with combining spf and dkim. The two
technologies do not work together, do not need to be changed, etc.
It is the implementation that uses both technologies and makes
decisions based on the results.
--
Alex
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com