[ietf-dkim] Delegating responsibility: a make vs. buy design
decision
Douglas Otis
dotis at mail-abuse.org
Mon Aug 21 09:25:31 PDT 2006
On Aug 21, 2006, at 8:28 AM, Paul Hoffman wrote:
> At 10:40 AM -0400 8/21/06, Damon wrote:
>>> It sounds like what you and few other people want is an SSP
>>> policy that says "if you receive a message that is supposedly
>>> from this site (for some definition of "from") and it doesn't
>>> have the mark that says that XYZ is authorized to sign the
>>> message, assume the message is forged". Is that a correct summary
>>> of the requirement you see?
>>
>>
>> I am glad you put a question mark at the end.
>
> But you didn't answer: is that a correct summary. (And, if not, is
> there a summary that looks like this one?)
This summary is not complete.
A list of designated domains can optionally indicate the following:
- The 2822.From is valid when signed by a designated domain.
- The domains authorized to sign for the 2822.From domain when
Exclusivity flag is set.
- When the list is empty and the Exclusivity flags is set, that no
mail is sent from the domain.
-Doug
More information about the ietf-dkim
mailing list