On Wed, Jul 26, 2006 at 05:06:09PM -0700, Steve Atkins allegedly wrote: > >No. Invalid signatures are to be ignored. In the case of a > >mailing list, an invalid signature may be common for many years. > >Only when there is an assertion that mail is never sent, can mail > >be outright rejected, however scant. > > If a sender asserts that all mail is signed, and you receive mail > purporting to be from that sender that isn't signed, are you > suggesting that it should be delivered anyway? If so, what's the > point of the sender asserting that all legitimate mail from them is > signed?
+1 If a verifier ignores the "I sign everything" policy then they are just as likely to ignore the "I send nothing" bit, where-ever that bit may live. There is a non-minor matter. Which "I" is not sending? From:, Sender:, 2821.MailFrom? All of the above? Avoiding a re-dredge of that schizophrenia is going to be *quite* the challenge. Mark. _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html