Michael Sprague wrote:
Disclaimer: I have not yet implemented DK on any of my servers. What I've read about DK says that it doesn't hash the message envelope. From the Wikipedia article: "If the only modifications en-route involve the addition or modification of headers before the DomainKey-Signature: header, the signature should remain valid; also the mechanism includes features that allow certain limited modifications to be made to headers and the message body without invalidating the signature."But I'm curious on how people feel, in general, about signing every outgoing message. I can see why some may consider that a Bad Thing(tm).
If you want to sign the message anyway, however, then I guess nobody's stopping you from taking responsibility for the message.
Not as much as you're hurting yourself, I'd imagine. When you sign it, you're, essentially, taking responsibility for the message being out there on the wires. If your spam filtering sucks, then I imagine you risk showing up on some RBL's... or maybe a "MTA's with crappy spam filtering" list.Second, let's say spammer@spammer.com sends a message to user@example.com and it gets by our spam filtering. We forward to user@yahoo.com. If we sign it, are we helping spammer.com in any way?
Mmmm.... I think "violating" is a little strong. You're certainly legitimately involved in the delivery process for "example.com", and you're not trying to thwart DK's effectiveness. You *are* possibly creating an extra step if someone needs to track down where that message ultimately came from, however... but that's small potatoes.I guess my question is, by signing messages for domains one doesn't control or manage, is one violating the spirit of DK and/or DKIM?
- Joe