On Friday 30 March 2007 14:42, Ian Eiloart wrote: > --On 30 March 2007 00:04:52 +0200 Magnus Holmgren <[EMAIL PROTECTED]> > wrote: > > On Thursday 29 March 2007 23:27, Marc Perkel wrote: > >> If a domain has a policy of signsall=1 and there is no signature - is > >> that good enough to reject the email? > > > > That's up to you if you think that every domain that declares that policy > > actually follows it. Maybe the probability is greater than for domains > > with SPF records ending in "-all". > > Actually, it's not a question of "following" the policy, but of enforcing > it. If a domain published that policy, they'd also want to pursuade their > users to use their MSA hosts to send mail (instead of the users ISPs, etc). > The thing is, the domain owner can't enforce anything on email that doesn't > flow through their hosts. That's where they require you to do their > enforcement for them.
Good point. Ideally, users would abide by the policy if told that "otherwise your mail may be rejected", but in reality they'll notice that that never happens. But I should add that DKIM, the successor of DomainKeys about to be published as an RFC [1] doesn't have the "signsall" concept at all, because the signing identity is in the signature field only; if there is no signature there is no domain to query for signing policies (in DomainKeys, Sender:, or in the absence of one, From:, gave the domain to query). This means that rejecting mail for lack of a DKIM signature becomes a local policy, which makes sense, I think, because the same applies to *accepting* mail that *has* a valid signature - it's something you can do only for a few domains you trust. [1] http://mipassoc.org/pipermail/ietf-dkim/2007q1/007026.html -- Magnus Holmgren [EMAIL PROTECTED] (No Cc of list mail needed, thanks) "Exim is better at being younger, whereas sendmail is better for Scrabble (50 point bonus for clearing your rack)" -- Dave Evans
pgp8Rwow55h0a.pgp
Description: PGP signature
-- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
