On Mon, 2006-07-31 at 10:02 -0400, John L wrote:
> If a message has a signature, no amount of SSP can unsign it. It
> might be able to say that a signature is missing, e.g., it's signed by
> your ISP but the SSP says it's supposed to be signed by you, too.

Agreed.

> The other axiom is that any useful SSP statement (again excepting I
> send no mail) contains "all". Statements like "I sign some mail" are
> useless, because they validate any message, signed or not.

This depends. If there is a list of designated signing domains, and an exception that allows other non-designated domains, then the benefits might be limited to just the designated domains, where this would be useful in assuring delivery.

> Statements like "I sign no mail" are useless because recipients will
> already have figured that out when they see no signatures, or else
> your SSP is broken if they do see signatures.

The marginal benefit would be found when dealing with the handling of invalid signatures. Are they bogus or broken? A policy statement could short-cut several transactions attempting to deal with these cases. While there should be no key, the lack of a key could also occur for other reasons. Being direct seems to have some value.

-Doug

_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html