Sandy Wills wrote:

> Let's say that your grandmother, somewhere in the US, sent her
> daughter (your mother) a letter at her newlywed house sometime in late
> 1941.

I love analogies, so let's extend this one a bit. If her daughter received thousands upon thousands of pieces of junk mail, some of which used fake postmarks to gain attention, others of which use her grandmother's name, how would her daughter even know that the letter was real or worth her time? If someone thought she would open it, then they'd mimic that behavior as best they could so that their junk could get read.

On the other hand, I think only experience is going to dictate good practice here. I doubt I would want to yank my keys for a message only seven days after transit. I suspect I'd want people to be able to verify my messages for several months, if possible. And one of the reasons I say this is that I'm not comfortable with a secure means of communication between the POP/IMAP server and the MUA, and so again I think some experience is needed, as well as some additional extensions. Many of the schemes used require stripping of headers on "final delivery" or upon entry into the recipients' administrative domain. I'm not a fan. An MUA needs something more concrete.

Anyway, I think we'll get there based on our experiences.

Eliot
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
