On Fri, Sep 10, 2010 at 6:50 AM, McDowell, Brett <[email protected]> wrote: >>> Ugh! We simply have to fix the root cause of MLM's breaking DKIM >>> signatures. >> Disagree. This would then mean MLM messages become visually similar to >> messages from individuals. > I didn't mean to suggest MLM's should stop doing the things they do that > breaks DKIM signatures. I'm actually a fan of the A-R header (or perhaps a > new one) approach -- used in a clear (profiled?) way -- so MLM's can assert > to receivers that they verified the senders signature before processing and > re-signing it.
As an end receiver though, I certainly wouldn't trust an A-R header that someone else put in during transit saying that it verified from $BIG_COMPANY. That can too easily be forged. Now if that A-R header was part of your DKIM sig or the header had a brief sig field that could be tied back to your DKIM sig, it would become eligible to be regarded as trustworthy (but not necessarily guaranteed to be so). Honestly to me that kind of sounds ridiculous, how many levels of signature would be useful/required? -- Regards... Todd I seek the truth...it is only persistence in self-delusion and ignorance that does harm. -- Marcus Aurealius _______________________________________________ dkim-ops mailing list [email protected] http://mipassoc.org/mailman/listinfo/dkim-ops
