> -----Original Message----- > From: MH Michael Hammer (5304) [mailto:[email protected]] > Sent: Monday, September 13, 2010 12:06 PM > To: Murray S. Kucherawy; [email protected] > Subject: RE: [dkim-ops] hammering with a soldering iron, was subdomain vs. > cousin domain > > I think your last comment is perhaps the most interesting one. As John > Levine frequently reminds us as he invokes King Canute, we cannot tell > receivers what to do. I don't know if this association exists, but if > receivers find an association between failed signatures and malicious > email I can just about guarantee you that they will take advantage of > that data point..... Regardless of what the standard says. Bottom line, > a failed signature will be treated in accordance with those things that > a failed signature is perceived to be associated with.
Naturally that's true, but I think until there's evidence that a negative validation should mean something, I'm inclined to believe the RFC's advice is right. That's based on the notion that there are lots of reasons a signature validation can go awry, and they're often not the fault of either of the endpoints, so arbitrary interruption of the flow of mail seems to be something to avoid. _______________________________________________ dkim-ops mailing list [email protected] http://mipassoc.org/mailman/listinfo/dkim-ops
