On Tuesday 08 August 2006 15:25, J.D. Falk wrote: > On 2006-08-08 11:43, Scott Kitterman wrote: > >> Sounds like false hope to me; as a big receiver, I can't imagine that > >> I'd ever want to blindly trust assertions made by an unknown sender. > > > > As both you and John L point out, this is a big issue. That's why I was > > thinking about it being something in DNS related to the policy record so > > that it would be at least slightly harder to lie about it. It's also why > > I started with IF... I recognized that if it can be trivially spoofed, > > then there's no reason to do it. > > We can accomplish that much without any changes to SMTP: > > - SMTP conversation happens as per usual > - receiver looks up MAIL FROM domain, checks SSP > - receiver decides whether to accept the message and check the > signature, or reject based on non-DKIM-related criteria > > Or am I missing something?
That's the lines I'd been thinking along. Scott K _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
