On Dec 8, 2006, at 7:05 AM, <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>
wrote:
Slight disagreement
"No. AIUI DKIM is supposed to operate mainly between the 1st MTA
after the sending MUA and the last MTA before the receiving MUA
(though smarter MUAs that sign their own, or verify their own are
welcome to try)."
I would suggest that DKIM operates between the signing MTA and the
edge boundary MTA of the receiving domain that is the certifier of
DKIM signatures which may be a smart MUA but is more likely a
filtering MTA at the ISP.
Signing is not limited to the MTA; it can be done at the MUA. In
addition, protections afforded by DKIM require the MUA to verify
signatures or obtain trustworthy signaling from the MDA. Blocking at
the MTA cannot offer adequate protection. It would be wrong to
expect that blocking at the MTA via restrictive policy produces a
significant effect on the level of abuse. Blocking via policy
definitely does _not_ offer much in the way of protection, but will
require a significant level of support explaining why various
messages are being rejected.
-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html