>> Indeed. Does this mean you agree that SSP only applies to unsigned >> messages? (Actual non-rhetorical question.)
>I would agree here, except for one consideration. It makes it possible >to trivially bypass someone's policy by inserting a completely bogus >signature in all messages claiming to be from them. If anyone has a good >suggestion for how to tell the difference between a signature broken in >transit and one just made up ... As far as DKIM is concerned, there is no difference between a broken signature and no signature. A message that arrives with a bogus signature is unsigned. R's, John _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
