In <[EMAIL PROTECTED]> John Levine <[EMAIL PROTECTED]> writes:

>>> 1 - All mail from this domain is signed (valid).
>>>
>>> 3 - This domain sends no mail (effectively equivalent to [1]).
>>
>> I don't think these two are equivalent.
>
> Sigh. Please provide an operational example where a receiver would
> treat mail differently. To help things along, here are the cases:

Sigh. Please read the email you were responding to. I already gave
the answer:

: For the receiver, it
: is much safer to reject email that has a 2822.From: coming from a
: domain that says that they send no email than it is for the much more
: generic case of "I sign all email".

> a) Unsigned message from domain arrives. Since there is no valid
> signature, there is no relevant key record in the DNS.
>
> Straightforward case analysis:
>
> 1-a: throw message away, it's forged

No, don't throw it away, because the lack of a valid signature may well
be due to minor and innocent changes made during transmission.

> 3-a: throw message away, it's forged

Yeah, go ahead and throw it away.

Again, as I said in the post you responded to, this is all about
weighing the risks. Sure, for some receivers, the differing risks are
irrelevant and it is ok to treat them the same; for others, that is
not the case.

Geez, and I thought you were all hot on not dictating receiver policy.

-wayne

_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
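The 1-a versus 3-a distinction argued over in this message, as an added example that is not part of the thread and not code from any DKIM or SSP implementation. It uses an HMAC over a loosely canonicalised body as a stand-in for a real DKIM signature (the `Policy` and `SigState` names, the "treat-as-unsigned" action and the sample message are all my own constructions, not taken from any draft), and shows the innocent-damage case: a mailing-list footer breaks the signature on a message the domain really did send, which is why a "signs all" domain's unsigned mail is not safely rejectable while a "sends no mail" domain's is.

```python
import hashlib
import hmac
from enum import Enum


class Policy(Enum):
    """Sender-domain policy, named after the two cases in the thread (names are mine)."""
    SIGNS_ALL = "all mail from this domain is signed"
    SENDS_NO_MAIL = "this domain sends no mail"
    NO_POLICY = "no policy published"


class SigState(Enum):
    VALID = "valid"      # signature present and verifies
    BROKEN = "broken"    # signature present but does not verify
    ABSENT = "absent"    # no signature at all


# Stand-in for the signing domain's key. Real DKIM uses an RSA key published in
# DNS; an HMAC secret is enough to show the verification behaviour.
DEMO_KEY = b"constructed-demo-key-not-a-real-dkim-key"


def canonicalise(body: str) -> bytes:
    """Loosely like DKIM 'relaxed' body canonicalisation: CRLF -> LF, strip
    trailing whitespace on each line, drop empty trailing lines."""
    lines = [ln.rstrip() for ln in body.replace("\r\n", "\n").split("\n")]
    while lines and lines[-1] == "":
        lines.pop()
    return ("\n".join(lines) + "\n").encode("utf-8")


def sign_body(body: str) -> str:
    return hmac.new(DEMO_KEY, canonicalise(body), hashlib.sha256).hexdigest()


def verify_body(body: str, signature) -> SigState:
    if signature is None:
        return SigState.ABSENT
    if hmac.compare_digest(sign_body(body), signature):
        return SigState.VALID
    return SigState.BROKEN


def receiver_action(policy: Policy, sig: SigState) -> str:
    """One receiver's policy, weighing the risks as the reply above argues.
    The action labels are my own, not from any SSP draft."""
    if sig is SigState.VALID:
        return "accept"
    if policy is Policy.SENDS_NO_MAIL:
        # Case 3-a: the domain says it never sends mail, so nothing legitimate
        # can arrive from it; there is no innocent explanation to weigh.
        return "reject"
    if policy is Policy.SIGNS_ALL:
        # Case 1-a: a missing or broken signature may be a forgery, or a real
        # message mangled in transit (list footer, gateway rewrapping lines).
        # Downgrade rather than discard.
        return "treat-as-unsigned"
    return "treat-as-unsigned"


# Constructed sample: a genuine message signed by its domain, then relayed
# through a mailing list that appends a footer.
ORIGINAL_BODY = "Hi all,\r\n\r\nThe meeting moves to Thursday.\r\n"
LIST_FOOTER = "\r\n-- \r\nYou received this because you are subscribed.\r\n"


def demo():
    sig = sign_body(ORIGINAL_BODY)
    results = {}
    # Whitespace-only damage survives canonicalisation...
    results["trailing_ws"] = verify_body(ORIGINAL_BODY.replace("\r\n", "   \r\n"), sig)
    # ...but an appended footer does not.
    results["footer"] = verify_body(ORIGINAL_BODY + LIST_FOOTER, sig)
    results["signs_all"] = receiver_action(Policy.SIGNS_ALL, results["footer"])
    results["sends_no_mail"] = receiver_action(Policy.SENDS_NO_MAIL, SigState.ABSENT)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value.value if isinstance(value, SigState) else value)
```

Running `demo()` shows the footer-damaged message coming back `broken` and being downgraded under the "signs all" policy, while an unsigned message under "sends no mail" is rejected outright; which of these a given receiver actually does is, as the message says, that receiver's risk call.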
