> That said, there's a lot of agreement that filtering during SMTP is better > than accept-and-then-deal-with-it approaches. (cf. RFC5451, Appendix C) > Unfortunately post-DATA rejection is the only way that can be done, short of > changes to SMTP in the way of yet another extension that wouldn't receive > wide adoption in the short term anyway.
I hadn't realized how many medium-sized MTAs do their DKIM during the SMTP session. You learn something new every day. It still sounds like a design that *requires* that an MTA do DKIM at SMTP time would present a problem for some mail systems too large to ignore. For Ian, I'm still wondering if he's yet implemented a setup which knows at SMTP time what addresses deliver to mailing lists so it knows whether to reject or discard on ADSP failures. Still seems like a lot of work for a largely nonexistent problem. R's, John PS: > That no workable envelope-level DKIM equivalent has materialized to date > is unfortunate. Not for lack of trying, but I just don't see how you could prevent bad guys from replaying good envelopes on bad mail. _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
