Re: [spf-discuss] SPF, DKIM, and NIH
2009-10-12 06:20:58
Michael Deutschmann wrote:
I have a hard-fail DK record, since my commonsense understanding was that
people who subscribe to mailing lists must whitelist them before arming DK to
reject messages with broken signatures, even for "o=-" domains.
I don't think such behavior may ever become a common practice, as it
implies keeping track of subscriptions and coordinate them with
whitelisting. Too much work, if postmasters have to do it manually.
A good DKIM signature says that the signing domain trusts the message
sender. Much like with SPF, that means nothing unless the recipient
trusts the domain.
However, recently on the DKIM list it was claimed that the analogous
"dkim=all" ADSP does permit validators to act without considering the mailing
list problem....
Yeah, "dkim=all" sounds much like SPF's -all. However, they miss a
~all --which even SPF does not specify in such a way to provide for
useful tools for practical testing. That way, it's hard for a
recipient to discern whether a signature is broken for a bug in the
message's transmission rather than being an actual forgery.
I'm not DKIM signing (yet), but I think I would be content of just
signing body From, Date, Message-ID, and possibly References or
In-Reply-To. Those fields are seldom tampered with. OTOH, if authors
want to sign the body they can do it themselves with either S/MIME of
OpenPGP.
-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/735/=now
RSS Feed: https://www.listbox.com/member/archive/rss/735/
Powered by Listbox: http://www.listbox.com
<Prev in Thread] |
Current Thread |
[Next in Thread>
|
- Re: [spf-discuss] SPF, DKIM, and NIH, (continued)
- Re: [spf-discuss] SPF, DKIM, and NIH, David MacQuigg
- Re: [spf-discuss] SPF, DKIM, and NIH, Alessandro Vesely
- Re: [spf-discuss] SPF, DKIM, and NIH, Ian Eiloart
- Re: [spf-discuss] SPF, DKIM, and NIH, Stuart D. Gathman
- Re: [spf-discuss] SPF, DKIM, and NIH, Ian Eiloart
- Re: [spf-discuss] SPF, DKIM, and NIH, Stuart D. Gathman
- Re: [spf-discuss] SPF, DKIM, and NIH, David MacQuigg
- Re: [spf-discuss] SPF, DKIM, and NIH, Stuart D. Gathman
- Re: [spf-discuss] SPF, DKIM, and NIH, Ian Eiloart
- Re: [spf-discuss] SPF, DKIM, and NIH, Stuart D. Gathman
- Re: [spf-discuss] SPF, DKIM, and NIH,
Alessandro Vesely <=
Re: [spf-discuss] SPF, DKIM, and NIH, Scott Kitterman
|
Previous by Date: |
Re: [spf-discuss] SPF, DKIM, and NIH, Scott Kitterman |
Next by Date: |
Re: [spf-discuss] SPF, DKIM, and NIH, Michael Deutschmann |
Previous by Thread: |
Re: [spf-discuss] SPF, DKIM, and NIH, Stuart D. Gathman |
Next by Thread: |
Re: [spf-discuss] SPF, DKIM, and NIH, Scott Kitterman |
Indexes: |
[Date]
[Thread]
[Top]
[All Lists] |
|
|