>> The presence of a header field that is signed does not guarantee that it
>> was placed there by the signer, merely that it was present when the
>> message was signed. It therefore does not provide a mechanism for
>> verifying that the requested destination address is authoritative for
>> the domain.
>
> Oops. Right. I keep raising the same point about whether contents are
> validated by DKIM. Sigh.
>
> So, there's a Pandora's box that this raises, which is how to use DKIM
> in a way that has the semantics of claiming that bits of contents are
> in fact valid?

Correct, which is why I prefer it out of band for this effort.

>> Also, this is a policy statement by the domain. Their policy is that
>> automated abuse reports should be sent to a specific address. My
>> understanding of the current model for stating domain policy (as with
>> ADSP) is a published record that can be queried.
>
> I don't recall that ADSP is meant to lay claim to the entire space of
> such declarations. So the precedent that it does some of it ought not
> to dictate the 'venue' for communicating the next bit; that decision
> ought to hinge on whatever semantics, efficiency and validity issues
> apply.

Fair enough. I feel that the model fits the circumstances of this issue well enough, but I'm open to debate if anyone has a good argument for a different model.

_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
