Joe Peterson wrote:
> With DKIM, according to my understanding, you are supposed to treat a
> "bad" sig the same way you'd treat "no" sig. So it would neither help
> nor hurt to have a bad signature; it would be like having none (or a
> missing sig).
>
> Personally, I think DKIM would be a whole lot more effective and
> powerful if we *could* treat bad sigs as bad. Also, I think there is
> danger of people reacting to bad signatures negatively. Personally, I'd
> eye a failed sig with a more suspicious eye than no sig.
>

Until, of course, you rejected a piece of mail which had an x-million dollar deal in it... one thing we found out is that while people hate false negatives, mail admins *really* hate false positives. The truth of the matter is that shit happens in the mail system and overreacting based on single factors is a great recipe for generating lots of false positives. As an individual decision you can set your own tolerance level, but you quickly become a lot more conservative if you're doing it at a (large) group level.

Mike