On Aug 4, 2006, at 10:25 AM, John L wrote:
That's the problem: if you do that, domains like Cisco -- or
anybody else who uses mailing lists -- will *never* publish a "we
sign everything" policy even though we do.
And that's a problem because ... ? There are all sorts of true
statements that you can make about your outgoing mail, almost none
of which are of any use to anyone else. This appears to be one of
them.
A financial institution being heavily phished may wish to explicitly
state:
"SIGN ALL MAIL" and "DO NOT USE ANY SERVICES KNOWN TO DAMAGE THEIR
SIGNATURES"
Cisco may wish to only state:
"SIGN ALL MAIL"
The important difference is whether the assertion is _expected_ to
cover all possible sources carrying their messages.
-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
