> But different parties mean different things when they sign the > message. If the author signs a message, it means "I wrote this". > If a list signs a message, it means "I sent this".
Ah, why didn't you just say so two weeks ago? I think you will find that you are reading a whole lot more into DKIM signatures than other people are. I concur with Tony's model that a signature only means "I will accept the blame for this message". Realistically, my MTA is going to sign mail from all of my users, and although I am willing to accept responsibility to be sure that they behave themselves, I don't have the faintest idea what mail they send is new, quoted, sent on behalf of others (lots, due to third party web and mail hosting) or anything else. I barely know what domains they use in their return addresses and I do not know, for example, whether a message with a return address at one of the little wineries I host is sent by the winery's management, or someone else (web host) on their behalf. I'm sure not going to spend any effort forcing them to tag their mail to tell the difference, since among other things they'd never get it right, anyway. I expect that my position is similar to that of most ISPs and web hosts. I can see that you might want a system full of fine-grained assertions about mail, but DKIM isn't it, and I doubt that it would be very useful. It comes back to the failed Lumos model of complex assertions about mail to be sorted out by recipients. I'm not interested in much more than one bit to decide either someone's mail is worth accepting or it's not, and I haven't heard any clamor here for more. I'm planning to look up the signing domain in whatever passes for a reputation system, and if it says good, I'll accept it, if it says bad, I'll reject it, and if it says nothing, I'll send the message through the filtering gauntlet I use now. Yeah, I know not everyone feels the way I do, but I think I'm pretty close to the mainstream here. Everyone? Am I blowing smoke? R's, John _______________________________________________ ietf-dkim mailing list http://dkim.org
