[mail-vet-discuss] Draft as of 9/4/2007
John L
johnl at iecc.com
Sun Oct 14 09:52:39 PDT 2007
> Surely you're not advocating a MUST NOT strip, or even a SHOULD NOT
> strip. The third parties can sign after all and then you'd just trust them
> directly.
Why, yes indeed, I'm advocating SHOULD NOT strip. Surely you haven't
forgotten that this is supposed to work with SPF and Sender-ID, where
forwarders can't sign without munging the message. Even if the forwarders
do sign, that doesn't tell us anything about the status of the message
when it arrived at the forwarder which is useful for spam forensics.
> Trying to expect unauthenticated cross administrative good bits to
> remain good is pretty crazy if you ask me.
There are cases where they do and cases where they don't, and it's not
hard to recognize the ones where they do. Personally, I think it's crazy
to break a useful application because a sufficiently inept user might
misuse it. If we're going down that path, I have a whole lot more
deletions to make.
R's,
John
More information about the mail-vet-discuss
mailing list