[ietf-dkim] The URL to my paper describing the DKIM policy options
mike at mtcc.com
Sun Jul 30 15:55:16 PDT 2006
Jim Fenton wrote:
>Hector Santos wrote:
>>With a signature existing, you will always need to check the SSP in order to
>>check for a "Never Sign" or "We don't send mail from domain. Its Forged"
>>So you always need to check for SSP first.
>So you mean "with a valid signature existing?" If so, isn't that a
>contradiction in the published information, so why should I assume SSP
Especially when you consider that would be a big fat juicy target
for a would-be DOS attacker: spoof SSP "i don't send email" policy
and now all of the sudden legitimately signed mail looks extremely
More information about the ietf-dkim