No it doesn't. If a mail has a valid signature the policy record does not need to be read at all.
If you say that 'I sign no mail' and you do sign a mail this does not force someone to ignore the signature as you suggest. If you sign no mail and say 'I sign some mail' the precise same result is achieved as if you said 'I sign no mail'. There is no distinction here. The only policy that is useful to a recipient is one that allows them to make deductions from the ABSENCE of a signature. The only policy that does that is I sign ALL mail. > -----Original Message----- > From: Thomas A. Fine [mailto:[EMAIL PROTECTED] > Sent: Thursday, September 07, 2006 10:48 AM > To: Hallam-Baker, Phillip; [email protected] > Subject: RE: [ietf-dkim] user level ssp > > Hallam-Baker, Phillip wrote: > >What is the difference on the recipient side between 'I sign no mail' > >and 'I sign some mail'? > > Well, in terms of receiving and validating email, then such a > policy would mean that if signed mail is received AND the > domain is marked as trusted then no spam filtering is > required for that email. Messages without signatures can > still be accepted, after traditional spam filtering. > > Whereas, "I sign no mail" means that it ALL has to go through > a traditional spam filter. One could make an argument that > such a policy would mean that any SIGNED mail from this > domain can be immediately dropped as invalid. In fact, one > could even argue that this is the only reason to have such a > policy, as it is the only way it could be different from a > nonexistent policy. > > And "I sign all mail" means that unsigned mail can be > instantly dropped. > This, from a verification point of view is the ideal > situation, and somewhere down the road, this will essentially > be the only policy. > > So there is a subtle difference at verification time. But I > fully agree that I don't expect anyone to use the > half-and-half policy, because it fails to protect the domain > or it's reputation. From the point of view of a mail forger, > there really is no difference, this domain is still just as > ripe for the picking. > > tom > > _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
