On Aug 5, 2006, at 10:41 AM, John Levine wrote:

"I sign all": Your users and my business may be harmed by accepting
unverified mail claiming to originate from my domain. It is in our
mutual interest for you to not deliver such mail to your users.

I am an adult of voting age and accept the possibility that
deliverability of my traffic may reduce as a consequence.

If "I sign all" means anything at all, this is what it means.

To prevent DKIM from creating delivery problems for those wanting to indicate a signing domain relationship with their From domain, "I sign all" should be couched slightly differently.


Policy assertion suitable for normal use:

"Listed domains sign all messages for From domain" Any message appearing to be issued directly from one of the listed domains SHOULD have a valid DKIM signature. It would be in the signing and verifying domain's mutual interest for messages with invalid signatures that are subject to this policy to not be delivered, unless they appear to be on behalf of this domain from a known reputable source.


Suitable for domains that are phishing targets:

"Listed domains sign all messages for From domains _and_ non- complaint services are not used" Any message from one of the listed domains MUST have a valid DKIM signature. It would be in the signing and verifying domain's mutual interest for messages with invalid signatures that are subject to this policy to not be delivered. No exceptions!

-Doug
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
