[ietf-dkim] DKIM on envelope level
Dave CROCKER
dhc at dcrocker.net
Thu Oct 29 06:45:31 PDT 2009
Rolf E. Sonneveld wrote:
>> ... if they can do so, you accept the entire email.
>>
>> In either case you accept the entire email,
>
> Not necessarily. Many if not most Edge ADMD MTA's perform all sorts of
> actions after the MAIL FROM phase and before the DATA phase. Think of
> greylisting, call back verification, use of RHSBL, use of local BL and
> WL's, etc. etc.
I was just at a session at an industry trade association where the question of
doing DKIM during SMTP came up. There were operations folk who very much liked
the idea of being able to obtain some DKIM benefit during the SMTP session,
before the dot...
No one suggested modifying SMTP or DKIM specifications.
What /was/ discussed was the possibility of doing a signature that would
validate before DATA. This merely requires a signature that does not cover the
body.
I can't say that anyone sounded hugely enthusiastic about this, but given that
there was interest in SMTP-time benefit, I think they just needed to think about
this more.
Having two signatures, with one covering the body and relevant parts of the
message header, and the other only covering the header, strike me as a plausible
use of DKIM, worth considering. I've no idea whether it would provide any or
enough value-add. However it is only a stylized use of the existing standard,
and so the cost of experimenting with it is reasonable.
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
More information about the ietf-dkim
mailing list