----- Original Message -----
From: "Jim Fenton" <[EMAIL PROTECTED]>
To: "Hector Santos" <[EMAIL PROTECTED]>

>> [FLAWED TECHNOLOGY!]
>>
>> If one or more signatures are valid, then process the message as
>> a good signature. This includes if there exist one or more
>> bad signatures. As long as there is 1 good signature, process
>> the message as a good signature.

> Perhaps this is part of sort_signatures_into_preferred_order(), but I
> wanted to make it explicit: Since SSP might not allow third-party
> signatures, it's probably best to check first-party signatures first.
> Stopping with the first valid signature might not give the right result
> otherwise.

Possibly. The sorting question seems to be a "kludge" or an attempt to make something good out of something that just be really bad.

In my view, four items are keeping us from going full steam with this:

- the SSP,
- list servers,
- mix policy conflict, and
- authorization results/reporting.

All need to be resolved before trying to make heads or tails from DKIM signatures. Too many mushrooms in this "DKIM Green Field."

For the record, we have begun collecting DKIM and DOMAINKEY signed messages passing through our system. I'm seeing fraud already taken place. The most obvious are those with no policies - just fake signatures. I'm also seeing the spammers beginning to use one or both thru 3rd party domains. These 3rd party domains are going to be a high risk of quickly getting "flagged."

--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com

_______________________________________________
NOTE WELL: This list operates according to
http://dkim.org/ietf-list-rules.html
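The ordering point raised in the quoted reply, as an added example that is not code from this thread or from any DKIM implementation: it compares the "one good signature is enough" rule with a first-party-first evaluation. The `third_party_allowed` flag is a hypothetical stand-in for the result of an SSP lookup, first-party is simplified to an exact match between the signing domain and the From domain, and the sample domains are constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class SigResult:
    signing_domain: str  # d= value of one DKIM-Signature header
    valid: bool          # outcome of cryptographic verification


def is_first_party(sig, from_domain):
    # Simplification (assumption): exact, case-insensitive domain match only.
    return sig.signing_domain.lower() == from_domain.lower()


def sort_signatures_into_preferred_order(sigs, from_domain):
    # Stable sort: first-party signatures first, header order kept otherwise.
    return sorted(sigs, key=lambda s: not is_first_party(s, from_domain))


def first_valid_wins(sigs):
    """Rule from the quoted proposal: any valid signature makes the message good."""
    for sig in sigs:
        if sig.valid:
            return ("pass", sig.signing_domain)
    return ("fail", None)


def evaluate_with_policy(sigs, from_domain, third_party_allowed):
    """First-party first; a third-party signature counts only if policy allows it."""
    for sig in sort_signatures_into_preferred_order(sigs, from_domain):
        if not sig.valid:
            continue
        if is_first_party(sig, from_domain) or third_party_allowed:
            return ("pass", sig.signing_domain)
    return ("fail", None)


# Constructed sample: a valid third-party signature ahead of a broken first-party one.
FROM_DOMAIN = "example.com"
SPOOFED = [SigResult("bulk-sender.example", True), SigResult("example.com", False)]
# Constructed sample: both signatures verify, third-party header listed first.
RELAYED = [SigResult("list.example", True), SigResult("example.com", True)]

if __name__ == "__main__":
    print(first_valid_wins(SPOOFED))                          # naive rule
    print(evaluate_with_policy(SPOOFED, FROM_DOMAIN, False))  # strict policy
    print(evaluate_with_policy(RELAYED, FROM_DOMAIN, False))  # credited domain
```
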
