On Mon, 2006-07-31 at 06:15 -0700, william(at)elan.net wrote: > On Fri, 28 Jul 2006, John L wrote: > > >>> A) No mail has an isp.com From: address, but mail with other From: > >>> addresses may have an isp.com signature. > > > >> Consider what I believe Y! does in their MUA: if it's got a valid > >> signature > >> from isp.com with a From: [EMAIL PROTECTED], it doesn't get a nice little > >> message saying that Y! believe it came from customer.com. Thus the > >> outsourced mail will not be treated on a par with mail signed on behalf of > >> the domain. > > > > It makes sense that customer.com would publish an SSP record saying "my > > mail > > is all signed by isp.com". > > > > But I still don't see what benefit it is for isp.com to say "we sign some > > other people's mail." If isp.com signs other people's mail, we'll know > > because we'll see the signatures. > > The statement that I sign only my own mail makes perfect sense.
There are a few problems with this statement. The policy reference will be from the OA domain and not the signing domain. In what context would this policy even be in the right context? If there is a valid signature, that would trump non-signed policy information counter to that valid signature. If there are attempts to use a bogus signature, the protection being sought is for the OA domain and not the signing domain. Are you suggesting that there be additional transactions made for known bogus signatures? A domain found based upon reverse DNS of the SMTP client or EHLO validation might have be when such a check may have been made. Upon validation, the next check would likely be of their reputation and not what else they have to say. This seems to suggest that a bogus signature could be held against this domain unless they disavow even the possibility? Would you want this policy to list thousands of domains, which might be the typical case? This type of policy would seem to create a management headache for little benefit. -Doug _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
