I'm a bit confused here (sorry I'm new on the list and I have not read ADSP in full)
Should we not query every time the DNS, to check that this domain will sign every message as policy and that a non signed message is therefore invalid?

In the case of the ebay announcement that all messages will have a DKIM signature, how do you implement at the receiving MTA level this verification?

----- Original Message -----
From: "Murray S. Kucherawy" <[email protected]>
To: "Hector Santos" <[email protected]>
Cc: [email protected]
Sent: Friday, 20 February, 2009 10:01:08 AM (GMT+1200) Auto-Detected
Subject: Re: [ietf-dkim] NO DKIM "POLICY"

On Thu, 19 Feb 2009, Hector Santos wrote:
> What is the current recommended method to establish or expose that a
> DOMAIN should not be signed, is not expected to be signed and that any
> DKIM supportive receiver seeing a message with a signature from a
> purported domain should be rejected with full confidence?
>
> Will a NULL public key do the trick?

At the moment ADSP doesn't have such a mechanism. It could (and used to) but then one issue is that you always have to query for such a record instead of only querying when there's no valid author domain signature.

_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
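The receiver-side check discussed in this thread, as an added example that is not part of either message: the ADSP record is queried only when no valid author domain signature was found. The function names, the injected `txt_lookup` callable, the verdict labels and the sample DNS data are assumptions made for illustration; the record location and `dkim=` values are those of the ADSP specification (RFC 5617).

```python
# Added example; adsp_verdict, parse_adsp, sample_lookup and SAMPLE_DNS are
# hypothetical names. Verdict labels are illustrative, not mandated by ADSP.
from email.utils import parseaddr

SAMPLE_DNS = {  # constructed TXT data standing in for real DNS answers
    "_adsp._domainkey.signs-all.example": ["dkim=all"],
    "_adsp._domainkey.strict.example": ["dkim=discardable"],
    "_adsp._domainkey.broken.example": ["v=spf1 -all"],  # not an ADSP record
}

def sample_lookup(name):
    """Offline stand-in for a TXT query; returns [] when nothing is published."""
    return SAMPLE_DNS.get(name, [])

def parse_adsp(txt_records):
    """Return the published signing practice, or 'unknown' if none is usable."""
    for txt in txt_records:
        name, sep, value = txt.partition("=")
        value = value.split(";")[0].strip().lower()
        if sep and name.strip().lower() == "dkim" and value in (
                "unknown", "all", "discardable"):
            return value
    return "unknown"

def adsp_verdict(from_header, valid_signer_domains, txt_lookup):
    """Decide on a message after DKIM verification has already run.

    valid_signer_domains: d= values of the signatures that verified.
    Returns (verdict, number_of_adsp_queries_made).
    """
    author_domain = parseaddr(from_header)[1].rpartition("@")[2].lower()
    if not author_domain:
        return ("no-author-domain", 0)
    # A valid author domain signature settles the question without a query.
    if author_domain in {d.lower() for d in valid_signer_domains}:
        return ("pass", 0)
    # Unsigned, or signed only by third parties: ask what the domain publishes.
    practice = parse_adsp(txt_lookup("_adsp._domainkey." + author_domain))
    verdict = {"unknown": "no-policy", "all": "suspicious",
               "discardable": "discard"}[practice]
    return (verdict, 1)
```

The second element of the result counts ADSP queries, so it is visible that a correctly signed message costs no extra lookup while every unsigned or third-party-signed one costs exactly one.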
