[ietf-dkim] Re: Delegating responsibility: a make vs.
buydesigndecision
Hector Santos
hsantos at santronics.com
Thu Aug 24 11:39:36 PDT 2006
----- Original Message -----
From: "Jon Callas" <jon at callas.org>
To: "Damon" <deepvoice at gmail.com>
> On 24 Aug 2006, at 10:38 AM, Damon wrote:
>
>> What do we do when there is no signature and no d= domain to
>> work with?
>> This is sort of hazy in my mind.
> You do anything you want to do. Perhaps more correctly, you do what
> you're doing now. If there's no signature, it's not a DKIM message.
>
Then this is a MAJOR loophole and it causes harm to verifiers and users,
never mind to domains who did not expect this. It lowers the payoff for
verifiers to even support DKIM and get this:
"Spammers now do not need to bother with DKIM.
A zero cost do nothing technological discovery!"
If we can resolve this, the value of DKIM-BASE has been watered down
tremendously.
--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com
More information about the ietf-dkim
mailing list