In <[EMAIL PROTECTED]> [EMAIL PROTECTED] (Wietse Venema) writes: > 1 - All mail from this domain is signed (valid). > > 3 - This domain sends no mail (effectively equivalent to [1]).
I don't think these two are equivalent. Again, 3) says what the sender does or not do. For the receiver, it is much safer to reject email that has an 2822.From: coming from a domain that says that they send no email than it is for the much more generic case of "I sign all email". This is very similar to being much safer to reject email from the 2821.MAILFROM or 2821.HELO that has an SPF record of "v=spf1 -all". And, note that the DKIM SSP and the SPF records cover different identities, there is value in having both. -wayne _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
