spf-discuss
[Top] [All Lists]

Re: [spf-discuss] SPF, DKIM, and NIH

2009-10-12 13:09:18
On Mon, 12 Oct 2009, Scott Kitterman wrote:
So I still need to accept the message body to determine if it passed?

Sometimes.  Here's the matrix:

SPF      EDSP    Forwarder      Action
----     ----    ---------      ------
(any)    (any)   Yes            Accept message
Pass     (any)   (any)          Accept message
Neutral  No      (any)          Accept message
Neutral  Yes     No             Let pass RCPT, accept if signed
Neutral  Yes     Maybe          Let pass RCPT, accept if signed
Fail     (any)   No             Reject at RCPT
Fail     No      Maybe          Accept message (grudgingly...)
Fail     Yes     Maybe          Let pass RCPT, accept if signed

SPF none and softdeny are treated same as neutral.  The forwarder column
refers to any other intelligence the recipient has as to whether the
message is from a legitimate forwarder.

EDSP refers to whether the MAIL FROM domain has posted an envelope-dkim
signing policy -- not the presence of a signature, which you don't know
yet.

For the 80 percent of mail that has the same mail from and from domain,
what would be the difference between this and a standard first party DKIM 
signature?
No difference.  In fact, since the required d= value for DKIM/ADSP and
Envelope DKIM in this case are identical, the deployment of Envelope DKIM
at a DKIM/ADSP would not change a byte of outgoing messages in this class.

The main advatange of Envelope DKIM is that it protects you from being
suckered into accepting a message on probation because of a DKIM/ADSP
policy on the MAIL FROM: address, only to find that the header From: is
something completely different.

For the remainder, what would be the difference between this and a standard
3rd party signature?
There's no such thing as a "standard 3rd party signature" at present.
Envelope DKIM might become the first.

---- Michael Deutschmann <michael(_at_)talamasca(_dot_)ocis(_dot_)net>


-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/735/=now
RSS Feed: https://www.listbox.com/member/archive/rss/735/
Powered by Listbox: http://www.listbox.com

<Prev in Thread] Current Thread [Next in Thread>