----- "Dave CROCKER" <[email protected]> wrote: 
> 
> 
> Michael Adkins wrote: 
> >> What is the basis for requiring it to be external. 
> >> 
> >> 
> > Where the signer wanted reports about the message to go at the time the 
> > message was sent is not relevant. Where the signer wants the reports to 
> > go at the time the report is generated is relevant. It is common for 
> > there to be a week or more delta between sending the message and a user 
> > submitting a report. There is many a slip between cup and lip. 
> 
> Oh. 
> 
> Interesting point. 
> 
> Anyone disagree with it? If so, how and why? 

Michael's point is correct.
> 
> 
> > The presence of a header field that is signed does not guarantee that it 
> > was placed there by the signer, merely that it was present when the 
> > message was signed. It therefore does not provide a mechanism for 
> > verifying that the requested destination address is authoritative for 
> > the domain. 
> 
> Oops. Right. I keep raising the same point about whether contents are
> validated by DKIM. Sigh.
> 
> So, there's a Pandora's box that this raises, which is how to use DKIM in a
> way that has the semantics of claiming that bits of contents are in fact valid?
> 
> 
I thought about putting the "I want ARF reports" information in the email or in 
the DNS. 

If it is solely in the DNS, then for every DKIM message, you have to query the 
DNS, to check if the signing domain wants ARF reports. I suspect most will not 
want them, or know what that is. This process may commit unnecessary resources.
I feel it is important to state in the email that the signer wants an ARF report, and
that the DNS could be used to verify that statement.

On privacy issues, some ARF processors strip the report of any potential user
identification: To:, Message ID, email in the content, etc.
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
