On May 22, 2009, at 1:00 PM, J.D. Falk wrote:

> Doug Otis wrote:
>
>> Providers insert ads into the messages. Who is user be required to
>> trust, and how will they know who generated the link? It is not
>> uncommon to find providers, in pursuit of revenue, post ads
>> referencing websites that become compromised due to lax security
>> and end up containing IFRAMEs that load malware.
>
> Sounds like an argument /against/ allowing part of a message to be
> signed, and part not.

By having a body length parameter as part of the DKIM protocol, whenever offered by the signer, users can employ MUAs that properly indicate which portions of a message originated by the signer, and which did not. This might be done by distinctively enclosing the included portions.

Often appended comments mess up page formatting whenever lines extend beyond the edge of a page. Don't you hate that?

Currently, use of RFC 5451 allows providers to include anything they wish, while still purporting the entire message to have been originated by the signer. This is wrong, regardless of any number of providers demanding MTAs that offer such a dubious feature. :^(

-Doug

_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
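
The display behaviour discussed in this message, sketched as an added example (not code from the thread or from any DKIM implementation): a receiver splits a body at the DKIM `l=` count and marks what falls outside it. It assumes "simple" body canonicalization, SHA-256, and that the header signature covering `bh=` and `l=` has already been verified elsewhere; the function names and the sample message are constructed for illustration.

```python
import base64
import hashlib
import hmac

CRLF = b"\r\n"

def canon_simple_body(body: bytes) -> bytes:
    """'simple' body canonicalization (RFC 6376, 3.4.3): ignore empty
    lines at the end of the body and terminate it with one CRLF."""
    while body.endswith(CRLF):
        body = body[:-2]
    return body + CRLF

def body_hash(canon_body: bytes, length: int) -> str:
    """Base64 SHA-256 over the first `length` octets, as carried in bh=."""
    return base64.b64encode(hashlib.sha256(canon_body[:length]).digest()).decode()

def split_signed_body(body: bytes, l_tag: int, bh_tag: str):
    """Return (signed, unsigned) octets of the body, or raise ValueError
    when the first l= octets do not match the bh= value."""
    canon = canon_simple_body(body)
    if l_tag > len(canon):
        # Content the signer covered is missing: treat as a failed check.
        raise ValueError("l= exceeds canonicalized body length")
    if not hmac.compare_digest(body_hash(canon, l_tag), bh_tag):
        raise ValueError("body hash mismatch within signed length")
    return canon[:l_tag], canon[l_tag:]

def render(signed: bytes, unsigned: bytes) -> str:
    """Hypothetical MUA display: enclose the two portions distinctively."""
    out = "[covered by signature]\n" + signed.decode("utf-8", "replace")
    if unsigned:
        out += "[NOT covered by signature]\n" + unsigned.decode("utf-8", "replace")
    return out

# Constructed sample: the signer's body, then a footer appended in transit.
ORIGINAL = b"Meeting moved to 3 PM.\r\n"
L_TAG = len(canon_simple_body(ORIGINAL))
BH_TAG = body_hash(canon_simple_body(ORIGINAL), L_TAG)
RECEIVED = ORIGINAL + b"-- \r\nSponsored: http://ads.example/offer\r\n"

if __name__ == "__main__":
    print(render(*split_signed_body(RECEIVED, L_TAG, BH_TAG)))
```
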
