Re: [spf-discuss] SPF, DKIM, and NIH

On Sun, 11 Oct 2009, David MacQuigg wrote:
> I believe it is possible to reject as soon as you see the DKIM-Signature
> header, but the problem will be the same as SPF - too many legitimate
> messages still have crap authentication.  Yet another chicken-and-egg
> situation.
>
> In this message:
>
> [ results showing Michael's mail, as relayed by list, to fail DK ]
Envelope-DKIM would not fail in this way.  Like SPF, it would not care
that the "From:" was forged.  Only the signing policy of the MAIL FROM:
domain (which for this list is "@jeeves.archives.listbox.com") would be
enforced.


I have a hard-fail DK record, since my commonsense understanding was that
people who subscribe to mailing lists must whitelist them before arming DK to
reject messages with broken signatures, even for "o=-" domains.

However, recently on the DKIM list it was claimed that the analogous
"dkim=all" ADSP does permit validators to act without considering the mailing
list problem....

---- Michael Deutschmann <michael(_at_)talamasca(_dot_)ocis(_dot_)net>


-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/735/=now
RSS Feed: https://www.listbox.com/member/archive/rss/735/
Powered by Listbox: http://www.listbox.com