Rolf E. Sonneveld wrote: >> ... if they can do so, you accept the entire email. >> >> In either case you accept the entire email, > > Not necessarily. Many if not most Edge ADMD MTA's perform all sorts of > actions after the MAIL FROM phase and before the DATA phase. Think of > greylisting, call back verification, use of RHSBL, use of local BL and > WL's, etc. etc.
I was just at a session at an industry trade association where the question of doing DKIM during SMTP came up. There were operations folk who very much liked the idea of being able to obtain some DKIM benefit during the SMTP session, before the dot... No one suggested modifying SMTP or DKIM specifications. What /was/ discussed was the possibility of doing a signature that would validate before DATA. This merely requires a signature that does not cover the body. I can't say that anyone sounded hugely enthusiastic about this, but given that there was interest in SMTP-time benefit, I think they just needed to think about this more. Having two signatures, with one covering the body and relevant parts of the message header, and the other only covering the header, strike me as a plausible use of DKIM, worth considering. I've no idea whether it would provide any or enough value-add. However it is only a stylized use of the existing standard, and so the cost of experimenting with it is reasonable. d/ -- Dave Crocker Brandenburg InternetWorking bbiw.net _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
