[Asrg] where the message originated (was: DKIM role?) (SM)
Ian Eiloart
iane at sussex.ac.uk
Tue Jan 20 05:44:36 PST 2009
--On 19 January 2009 13:37:50 -0500 Dotzero <dotzero at gmail.com> wrote:
>
>> Yes, I know. Presumably your bank doesn't email you through this list or
>> any other, though. What I'm after here is avoiding bank phishing. When
>> communicating with my bank, I want them emailing me directly, to my
>> current email address.
>>
>> I'd be just as happy if they used DKIM to sign the message. I'd still
>> need my mail client to tell me that it was signed properly, though. And,
>> signed by the owner of the address that I can see in the message headers.
>>
>
> How happy will you be when your ISP checked the DKIM signature
> upstream from your mail client, added in x-headers showing the check
> (and possibly other things) and broke the signature?
That would make me unhappy. Presumably they're not supposed to do that, but
doesn't DKIM allow the signer to say what they're signing? And, doesn't
that survive addition of new headers? If my ESP (of course I don't use my
ISP for email) broke a DKIM signature, I'd expect them to replace the
signature with a good one. But, I'd prefer that they simply delivered the
message unbroken.
Of course, all of this works better when it's correctly implemented.
--
Ian Eiloart
IT Services, University of Sussex
x3148
More information about the Asrg
mailing list