Unequal treatment RE: Additional lookups (was Re: [ietf-dkim] Re: 1368 straw-poll)
Douglas Otis
dotis at mail-abuse.org
Fri Mar 2 13:20:44 PST 2007
On Mar 2, 2007, at 1:01 PM, Eliot Lear wrote:
> The only question this leads to is whether the unverified address
> is valuable without a valid DKIM signature, and YMMV, especially in
> the beginning (like now).
Checking against a reputation or accreditation system before
validating signatures prevents the acceptance level from leaking to
bad actors. This approach also eliminates wasted overhead related to
signature validation. The real question is whether DKIM will have
any value (valid or invalid) without there being a disposition
asserted by accreditation or reputation. Only when the disposition
for a valid signature is positive, would there then be value knowing
the validity of the signature.
When negative-disposition -> reject;
When invalid -> ignore;
When valid -> annotate;
-Doug
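
The ordering proposed in the message above, as an added example that is not part of the original post or of any DKIM implementation: the claimed signing domain is checked against a reputation table first, and the signature check runs only for a positive disposition. The table contents, function names and the treatment of unknown domains as "ignore" are assumptions made for illustration.

```python
import re
from enum import Enum

class Disposition(Enum):
    NEGATIVE = "negative"
    UNKNOWN = "unknown"
    POSITIVE = "positive"

# Constructed sample data standing in for a reputation/accreditation service.
REPUTATION = {
    "bad.example": Disposition.NEGATIVE,
    "good.example": Disposition.POSITIVE,
}

def signing_domain(headers):
    """Return the d= tag of the first DKIM-Signature header (claimed, not yet verified)."""
    for name, value in headers:
        if name.lower() == "dkim-signature":
            match = re.search(r"(?:^|;)\s*d\s*=\s*([^;\s]+)", value)
            if match:
                return match.group(1).lower()
    return None

def handle(headers, verify):
    """Decide what to do with a message.

    `verify` is a callable performing the expensive signature validation.
    It is invoked only when the disposition is positive, so a sender with a
    negative or unknown disposition never learns whether the signature passed.
    """
    domain = signing_domain(headers)
    if domain is None:
        return "ignore"                      # no signature to act on
    disposition = REPUTATION.get(domain, Disposition.UNKNOWN)
    if disposition is Disposition.NEGATIVE:
        return "reject"                      # rejected before any validation
    if disposition is not Disposition.POSITIVE:
        return "ignore"                      # assumption: unknown is treated as unsigned
    return "annotate" if verify(headers) else "ignore"

def sample_message(domain):
    """Build constructed headers carrying a DKIM-Signature for `domain`."""
    return [("From", "user@" + domain),
            ("DKIM-Signature", "v=1; a=rsa-sha256; d=%s; s=sel; bh=AAAA; b=BBBB" % domain)]
```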