Re: Domainkeys and ISPs
Michael Sprague wrote:
Disclaimer: I have not yet implemented DK on any of my servers. What
I've read about DK says that it doesn't hash the message envelope. From
the Wikipedia article: "If the only modifications en-route involve the
addition or modification of headers before the DomainKey-Signature:
header, the signature should remain valid; also the mechanism includes
features that allow certain limited modifications to be made to headers
and the message body without invalidating the signature."
But I'm curious on how people feel, in general, about signing every
outgoing message. I can see why some may consider that a Bad Thing(tm).
If you want to sign the message anyway, however, then I guess nobody's
stopping you from taking responsibility for the message.
Not as much as you're hurting yourself, I'd imagine. When you sign it,
you're, essentially, taking responsibility for the message being out
there on the wires. If your spam filtering sucks, then I imagine you
risk showing up on some RBL's... or maybe a "MTA's with crappy spam
Second, let's say email@example.com sends a message to
firstname.lastname@example.org and it gets by our spam filtering. We forward to
email@example.com. If we sign it, are we helping spammer.com in any way?
Mmmm.... I think "violating" is a little strong. You're certainly
legitimately involved in the delivery process for "example.com", and
you're not trying to thwart DK's effectiveness. You *are* possibly
creating an extra step if someone needs to track down where that message
ultimately came from, however... but that's small potatoes.
I guess my question is, by signing messages for domains one doesn't
control or manage, is one violating the spirit of DK and/or DKIM?