offlist.

Wietse Venema wrote:
>> After all, what is the purpose of DKIM?
>
> Thanks for asking. The purpose of DKIM is to trace back signed mail
> to signing parties.
>
> For example, suppose that you have confidence in your bank's DKIM
> signature. Then you can use it to distinguish between mail from
> the bank, and phishing mail that pretends to be. Note that it does
> not matter what their rfc822.from says. It's the bank's DKIM
> signature that forms the primary basis for trust.
>
> Another example: suppose that I receive mail from a mailing list.
> I trust the list server's DKIM signature, so I can distinguish
> between mail from the list server and mail that pretends to be.
> Again, note that it does not matter what their rfc822.from says.
> It's the list server's DKIM signature that forms the primary basis
> for trust.
>
> With first-party signatures, things simplify conceptually and
> technically to the point of elegance. This is one reason why I
> express preference for first-party signatures. But even in this
> special case, it is the DKIM signature that forms the primary
> basis for trust. The rfc822.from is secondary.

Nicely stated.

d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
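
The trust decision described in the quoted message, sketched as an added example that is not part of the original thread: trust is keyed on the DKIM signing domain (d=), and rfc822.from is only reported as first-party or not. The authserv-id, the trusted-signer set and the sample messages are constructed assumptions, and the sketch reads results from the receiver's own Authentication-Results header instead of verifying signatures itself.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this sketch, not taken from the thread:
TRUSTED_AUTHSERV = "mx.receiver.example"            # our own border MTA
TRUSTED_SIGNERS = {"bank.example", "lists.example"}  # signers we have confidence in

# One dkim result plus its signing domain (d=), within a single ';' clause.
DKIM_RE = re.compile(r"\bdkim=(\w+)\b[^;]*?\bheader\.d=([\w.-]+)", re.I)

def passing_signers(msg):
    """d= domains with dkim=pass, read only from our own MTA's header."""
    signers = set()
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, results = value.partition(";")
        if authserv.strip().lower() != TRUSTED_AUTHSERV:
            continue  # anyone can add this header upstream; ignore foreign ones
        for result, domain in DKIM_RE.findall(results):
            if result.lower() == "pass":
                signers.add(domain.lower())
    return signers

def assess(raw):
    """Trust is keyed on the signer; the From domain is only reported."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    signers = passing_signers(msg)
    trusted = sorted(signers & TRUSTED_SIGNERS)
    return {"trusted": bool(trusted), "signers": trusted,
            "first_party": from_domain in signers}

def sample(from_hdr, auth_results):
    """Build a constructed test message."""
    return (f"From: {from_hdr}\nAuthentication-Results: {auth_results}\n"
            "Subject: constructed sample\n\nbody\n")

OURS = "mx.receiver.example; dkim=pass header.d="
BANK = sample("Bank <service@bank.example>", OURS + "bank.example")
LIST = sample("alice@elsewhere.example", OURS + "lists.example")
LOOKALIKE = sample("Bank <service@bank.example>", OURS + "unrelated.example")
FOREIGN = sample("Bank <service@bank.example>",
                 "mx.other.example; dkim=pass header.d=bank.example")

if __name__ == "__main__":
    for name in ("BANK", "LIST", "LOOKALIKE", "FOREIGN"):
        print(name, assess(globals()[name]))
```

The list message is trusted although its From domain is unrelated to the signer, while the two messages that merely carry the bank's address in From are not.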