On August 18, 2005 at 17:01, Douglas Otis wrote: > DKIM provides significant value beyond implementing a weak and > uncertain anti-spoofing mechanism. MUAs are not designed to ensure > the identity of the author or sender. As a result, MUAs often fail > to show headers intended to indicate this information. In addition, > MUAs also often fail to show underlying email addresses in favor of > "pretty names." This makes for a poor foundation upon which to build > any anti-spoofing mechanism without major renovations. ...
Since it appears there are different views on what DKIM should, or should not be, I want to make sure I understand your view, without the clutter of debating specifcs. Is your view in a nutshell (of what DKIM should be): When a domain signs a message, it is saying, "Here is what I got and transmitted." DKIM only provides a verifiable trace of a message. And/or, DKIM should provide verifiability of a message's originating domain: the initial domain that receives a sender's message for transmission. When the initial domain signs a message, it is saying, "Here is what the domain-authorized sender submitted to me for transmission." --ewh _______________________________________________ ietf-dkim mailing list http://dkim.org
