[ietf-dkim] the usual misunderstanding about what DKIM promises
johnl at iecc.com
Fri Oct 22 18:43:45 PDT 2010
>> DKIM makes no statement about the validity of a "sender" address.
>I guess I should have said Author address.

DKIM makes no statement about the validity of an Author address.

>In practice, if I look at mail with yahoo.com author addresses for example,
>I find that with DKIM yahoo.com signatures, they're about a million times
>less likely to be forged than without those signatures. That's not to say
>that yahoo.com forbid forgery, but they may find that their mail stream
>reputation improves if they take measures to prevent forgery.

Sure. Yahoo goes to some effort to verify that its mail users control
the addresses they use, by sending a test message with a URL the user
has to click. But that's a characteristic of what Yahoo does which
you could tie to a d=yahoo.com signature, not of DKIM in general.
I make no attempt at all to control my users' From: lines, since I
know them all and don't expect them to misbehave. I do put in trace
info to tell who sent what, but you can't tell that from my DKIM
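The distinction drawn in the message above, as an added example that is not part of the original post: a receiver can tie an inference about the From: address only to what it separately knows about the signing domain in d=, never to DKIM itself. The function names, the SIGNERS_KNOWN_TO_VET_AUTHORS table and both sample messages are constructed for illustration, and the code assumes a DKIM verifier has already checked the signature cryptographically.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed local policy: signing domains this receiver believes vet author
# addresses. This knowledge comes from outside DKIM; it is per-signer reputation.
SIGNERS_KNOWN_TO_VET_AUTHORS = {"yahoo.com"}

# Constructed sample messages (signature values are placeholders, not real).
SAMPLE_VETTED = (
    "DKIM-Signature: v=1; a=rsa-sha256; d=yahoo.com; s=sel1;\n"
    "\th=from:subject; bh=PLACEHOLDER; b=PLACEHOLDER\n"
    "From: Alice <alice@yahoo.com>\nSubject: hi\n\nbody\n"
)
SAMPLE_UNVETTED = (
    "DKIM-Signature: v=1; a=rsa-sha256; d=example.net; s=sel1;\n"
    "\th=from:subject; bh=PLACEHOLDER; b=PLACEHOLDER\n"
    "From: Bob <bob@example.net>\nSubject: hi\n\nbody\n"
)

def signing_domain(dkim_header):
    """Return the d= tag value of a DKIM-Signature header, lower-cased, or None."""
    unfolded = re.sub(r"\s+", "", dkim_header)  # drop folding whitespace
    for tag in unfolded.split(";"):
        name, _, value = tag.partition("=")
        if name == "d" and value:
            return value.lower()
    return None

def assess_author(raw_message):
    """Say what an already-verified signature lets this receiver conclude
    about the From: address. No cryptographic verification happens here."""
    msg = message_from_string(raw_message)
    author = parseaddr(msg.get("From", ""))[1].lower()
    author_domain = author.rpartition("@")[2]
    d = signing_domain(msg.get("DKIM-Signature", ""))
    if d is None:
        return "unsigned: no responsible domain identified"
    if d in SIGNERS_KNOWN_TO_VET_AUTHORS and author_domain == d:
        return f"{d} signed and is known locally to vet authors: {author} is likely genuine"
    # A matching d= and From: domain alone proves nothing about the author.
    return f"{d} takes responsibility for the message; nothing follows about {author}"

if __name__ == "__main__":
    for sample in (SAMPLE_VETTED, SAMPLE_UNVETTED):
        print(assess_author(sample))
```

Both samples carry a signature whose d= matches the From: domain; only the signer listed in the local table yields a conclusion about the author.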