Hector Santos wrote: > I think you are underestimating the flip side - receivers > won't bother with implementing DKIM verification. DKIM > Signatures - valid, broken or otherwise, without a concept > that is essentially a "permission or authorization to sign > verification" concept, has little to no value.
+1 A bit like a signed timestamp line (?) Certainly nice to have a single format for all signing MTAs, and to aggregate them into sets of signing MTAs belonging to the same signing MON or mediator. For the MRN that might be faster and is probably much more reliable than to analyze the timestamp lines. But a chance to reject some "bad" mails directly would be better. > You got to give me solid, logical and deterministic reasons > why we should even bother looking for DKIM signatures - valid > or not. Those "sets of signing MTAs belonging to the same signing MON" are less granular than "sending IPs" as used for DNSBLs. That could be an advantage if you have your own local "reputation" database. E.g. if you get a mail from Jim signed by Cisco you could say "Cisco mails are often good". If you get a similar mail signed by #####groups that might be different... <beg> > Why bother trying to verify the signature? Feedback loop with a scoring system based on reputation ? Bye _______________________________________________ ietf-dkim mailing list http://dkim.org
