>> If the signature is valid *and* the signer has a good >> reputation, then a delivery agent might do something nice to the >> message. If it sees a lot of cruddy mail with my signature, > >The issue is not your 'signature' but your d= domain name. That's where >the reputation assessment is supposed to lie.
If anyone else found this obvious point confusing, I apologize. >If we think and talk in those terms, then the question of how strong the >glue needs to be needs to be made in the context of real or likely >efforts at pulling the name off of a legitimate message and affixing it >to an illegitimate one. Why would that be the verifier's concern rather than the signer's? If for some (perhaps good, perhaps bad) reason I decide to use weak signatures, why wouldn't the hit to my reputation be an adequate remedy? R's, John _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
