> [mailto:[EMAIL PROTECTED] On Behalf Of Frank Ellermann
> Hallam-Baker, Phillip wrote:
>
> > The receiver decides how to interpret that information. It must be
> > very clear (a MUST) that I sign all is not the same as instructing the
> > receiver to do an automatic reject. That is why I don't want to see
> > anything that smacks of telling the receiver what to do.
>
> This message apparently contradicts itself. There's no such
> "MUST" in "I sign all", and it's perfectly okay if receivers
> decide to reject unsigned "I sign all" mails. If they decide
> to accept it anyway it's most likely silently dropped later,
> or bounced to innocent bystanders (1), and that would be bad.

We are writing instructions to the authors of the software packages, not the operators of such. A DKIM signature verification package which automatically bounced messages that failed sig verification would be broken in my view.

An operator at an ISP who set the policy automatic bounce for Paypal, Ebay and some others would be entirely sensible. It would not be good to have that option at the SEC or any other regulatory body that accepts statutory notices.

I think we can actually come to consensus here. Despite the amount of heat we are actually saying compatible things. It's just a question of the right level.

_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
