
Re: Domainkeys and ISPs

Michael Sprague wrote:
> But I'm curious on how people feel, in general, about signing every
> outgoing message.  I can see why some may consider that a Bad Thing(tm).

Disclaimer: I have not yet implemented DK on any of my servers. What I've read about DK says that it doesn't hash the message envelope. From the Wikipedia article: "If the only modifications en-route involve the addition or modification of headers before the DomainKey-Signature: header, the signature should remain valid; also the mechanism includes features that allow certain limited modifications to be made to headers and the message body without invalidating the signature."

If you want to sign the message anyway, however, then I guess nobody's stopping you from taking responsibility for the message.

> Second, let's say spammer@spammer.com sends a message to
> user@example.com and it gets by our spam filtering.  We forward to
> user@yahoo.com.  If we sign it, are we helping spammer.com in any way?

Not as much as you're hurting yourself, I'd imagine. When you sign it, you're, essentially, taking responsibility for the message being out there on the wires. If your spam filtering sucks, then I imagine you risk showing up on some RBLs... or maybe a "MTAs with crappy spam filtering" list.

> I guess my question is, by signing messages for domains one doesn't
> control or manage, is one violating the spirit of DK and/or DKIM?

Mmmm.... I think "violating" is a little strong. You're certainly legitimately involved in the delivery process for "example.com", and you're not trying to thwart DK's effectiveness. You *are* possibly creating an extra step if someone needs to track down where that message ultimately came from, however... but that's small potatoes.

- Joe
