[ietf-dkim] Re: 3rd party signing
johnl at iecc.com
Fri Jul 28 08:55:25 PDT 2006
>> It may well be true that you only sign third party mail, but I still
>> don't understand what use a recipient might make of that information.
>> If they get unwanted mail from someone and you've signed it, they'll
>> complain to you regardless.
> A recipient will then have a valid party to complain to which is better
> than blocking a domain that has been spoofed.
I still don't understand the scenario. Let's call the domain isp.com.
A) No mail has an isp.com From: address, but mail with other From:
addresses may have an isp.com signature.
B) Mail goes out with From: addresses at isp.com, but none of it is
signed. Mail with other From: addresses may have an isp.com signature.
C) something else.
Scenario A is "we send no mail," with the possibility of third party
signatures on other mail being irrelevant. Like I said, if you sign it,
you'll get the complaints no matter what your SSP says.
Scenario B is technically possible but makes no sense. If you have the
ability to sign mail, why wouldn't you sign your own?
What am I missing here?
More information about the ietf-dkim