[ietf-dkim] I send nothing
Mark Delany
MarkD+dkim at yahoo-inc.com
Wed Jul 26 17:50:41 PDT 2006
On Wed, Jul 26, 2006 at 05:06:09PM -0700, Steve Atkins allegedly wrote:
> >No. Invalid signatures are to be ignored. In the case of a
> >mailing list, an invalid signature may be common for many years.
> >Only when there is an assertion that mail is never sent, can mail
> >be outright rejected, however scant.
>
> If a sender asserts that all mail is signed, and you receive mail
> purporting to be from that sender that isn't signed, are you
> suggesting that it should be delivered anyway? If so, what's the
> point of the sender asserting that all legitimate mail from them is
> signed?
+1
If a verifier ignores the "I sign everything" policy then they are
just as likely to ignore the "I send nothing" bit, where-ever that bit
may live.
There is a non-minor matter. Which "I" is not sending? From:, Sender:,
2821.MailFrom? All of the above?
Avoiding a re-dredge of that schizophrenia is going to be *quite* the
challenge.
Mark.
More information about the ietf-dkim
mailing list