At 7:02 AM +1000 9/8/06, James A. Donald wrote:
I do not seem to be able to use DKIM to for spam
filtering.

Correct. It is for white-listing. It tells the recipient (MTA or MUA) that the message received was sent from the domain name it says it was, and that parts of the message were not altered.

I would like to whitelist all validly signed
DKIM from well known domains.

Good; that's what the protocol is designed to do.

One way of doing this would be for the MTA to insist on
a valid signature when talking to certain well known
MTAs, and then my MUA could whitelist mail sent from
those well known MTAs

Yes, if you are willing to throw out messages whose signatures are broken during transit. (This is the same risk that others face with insisting on valid S/MIME or OpenPGP signatures be on every message from particular parties.)

In short, I am not able to get any advantage out of
using this protocol, which means that there is no
advantage in sending me signed mail.

And there is no disadvantage either. There is advantages for sending signed mail to users who have a different threat model than you have, and there are certainly administrative advantages to signing all outgoing mail, not looking to see "oh, if it is James, don't sign it because he won't like it".

--Paul Hoffman, Director
--VPN Consortium

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to