Re: [dkim-milter-beta] Reminder about beta releases

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Please confine future comments about the beta releases to the beta list.

On Mon, 6 Aug 2007, Mark Martinec wrote:
> Why burdening senders with a SSP query when originator signature 
> verifies???

I used slightly too broad a stroke in describing this.  The case I need to 
cover in particular is unsigned messages, which weren't covered in the 
previous code.  We need to be able to tell if an unsigned message 
should have been signed.

Before that it was applying DomainKeys logic which stipulated that you 
would only go to a policy lookup when a message failed verification.

Also, the fact that I do an SSP evaluation (i.e. call the dkim_policy() 
function) doesn't always result in a DNS query.  To wit, step one of the 
algorithm laid out in section 4.4 of the draft says:

    1.  If a valid Originator Signature exists, the message is non-
        Suspicious, and the algorithm terminates.

There's no DNS involved in that test so running the algorithm on all 
messages, even those that succeed, is not a burden to the sender.

-MSK