Murray S. Kucherawy wrote: >> -----Original Message----- > What this tells me is: Ignoring ADSP, if a domain sometimes signs its > mail, then mail from it (signed or not) is usually not spam. From this I > suspect we could conclude that a missing signature doesn't tell us much > of anything.
And it would be an incorrect conclusion. This shows a lack of understanding of policy concepts. Look, I can clearly say right now, that 100%, not 99.99% of all DKIM signed mail in my PCN have untrusted SIGNERS even if I known who they are - they are 100% not vouched. I will venture that the majority DKIM receivers see a 100% or close to it. Is that evidence to conclude that the TRUST idea is bad? No. Now, if I had a local table of TRUSTED signer domains, then I can make an assertion that an VALID signature from that signer is ok, but if I see it broken, its going to a classification that is lower than OK. In the same vain if an Author Domain has a policy says THIS, but you see THAT, thats a clear policy violations. Either way, Author or Signer - there is always a policy concept involved - when you have neither, then we have want we have now which is pretty much nothing. -- Hector Santos, CTO http://www.santronics.com http://santronics.blogspot.com _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
