John R. Levine wrote: >> I have lots of mailboxes internally that have mail shoveled to them >> based on From:. If the mail is from a source that I trust, "i=" would >> be just as useful that way.
> We all filter on From:. If you know the domain is well-behaved, what's > the point of using i= rather than From: ? +1 > I'm not trying to be perverse, but this feels a lot like an > answer looking for a question. >> example.com, which has a good reputation or is whitelisted, can be >> further vetted using "i=" since I implicitly trust it's being used >> properly. > Again, I have trouble reading this as other than human shields. If > example.com is mostly OK, why should it be anyone else's job to sort out > the stuff that's not OK? Isn't that a conflict? If the other stuff is not ok, then we have invalid signatures which are not candidates for the proposed DKIM reputation assessment model. Lets keep in mind the origins for its usage when POLICY was still focused WG interest and it applied to dealing with all signature violations, including a conceivable fraud attempt in masking i=. But with reputation being the key focus now, because i= would already have a verifiable relationship with the d= value, I see less value in passing this to the engine unless it is something that reflects the 5322.From address and even then, the 5322.From is also hash bound signature requirement. So with a reputation mindset only, I can only see i= useful for logging or tracing. -- Hector Santos, CTO http://www.santronics.com http://santronics.blogspot.com _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html