[ietf-dkim] Blocking/Restritive-Policy vs
Annotation/Associative-Policy
Hector Santos
hsantos at santronics.com
Fri Dec 8 15:05:57 PST 2006
Douglas Otis wrote:
>
>> I'm sorry. What section in the DKIM specification does it say it
>> "requires the MUA to verify signatures"?
>
> The DKIM specification does not indicate how protective benefits are
> derived. It surely does not say the MUA can not verify signatures.
> DKIM use at the MUA has an advantage over SPF that must often depend
> upon Received headers including the optional IP address of the SMTP client.
Whatever, it does not say DKIM "requires the MUA to verify signatures."
>>> Blocking at the MTA can not offer adequate protection.
>>
>> Whats wrong with expecting this is not a highly probably event?
>
> Because bad actors adapt where then you might then detect a few percent
> of lazy ones as with SPF.
Who's talking about SPF?
>>> Blocking via policy definitely does _not_ offer much in the way of
>>> protection, but will require a significant level of support
>>> explaining why various messages are being rejected.
>>
>> It will?
>>
>> - A domain does not expect mail. Pretty good protection
>> - A domain requires mail to be sign. Pretty good protection
>
> Only when message originators are recognized and verified by the MUA,
Nope, once again, MUA are not required. I can do the above easily at the
MDA.
More information about the ietf-dkim
mailing list