- Define some (few, simple) rules for when messages MUST NOT be DKIM-signed (e.g. those that contain >1 From address) - When a signer is presented with such a message, it doesn't sign it, or forward it, but bounces/deletes it (whatever the right mail thing to do is).
Doug is right to say that unsigned messages are incompatible with the EXCLUSIVE policy so we can't make provision for an unsigned message leaving the administrative domain of an EXCLUSIVE policy holder. Thus, I understand the suggestion to refrain from delivery or forwarding messages which (for whatever reason) can't be signed. Something along the lines of the mail server saying "550 I can't accept that message because it can't be DKIM signed" might be nice. However, all this is out of the strict control of a DKIM signer and into the realm of the mail server isn't it? In order to comply with these type of provisions wouldn't the DKIM signer have to also possess some significant measure of control over other aspects of the mail handling system? Do we want to give the potential DKIM implementor the feeling that they also have to control when messages are forwarded or bounced or deleted? Am I understanding this thread correctly? LOL.
-- Arvel _______________________________________________ ietf-dkim mailing list http://dkim.org
