Douglas Otis wrote:
On Mar 22, 2009, at 8:01 AM, SM wrote:
I don't see much benefit in using DKIM for a blacklist model where
we have to play catch-up with the "bad guys".
Agreed, but DKIM will likely become a hybrid of acceptance and
provisional blocking.
Likely? I'll bet it!
I think it is incomprehensible to believe systems today, including
many own by some here, have the tolerance or will have the tolerance
to accept anything they don't like or deem as bad, nuisance,
especially if they can detect it and it comes with new level of
authority to reject it, bets your boots it will happen.
Look at it this way:
- How can you stop it?
If we don't have POLICY, there is all the evidence out there this will
become YAWP (Yet another Wasted Protocol), another high overhead and
bandwidth DomainKeys and with some systems already doubling it up,
DKIM + DOMAINKEYS, even higher wasted bandwidth.
If there is no payoff, it will be ignored, just like Domainkeys.
Thus far, I see no payoff. Where is the payoff?
Dave says,
A DKIM signature means that whoever controls the DNS
entry for the SDID is making some responsibility for
the message. A random bad actor, out there in the
wilds of the Internet, cannot use that SDID.
This is the core benefit of DKIM.
Well, many will see the this core benefit when REJECTION and
ACCEPTANCE was the measurable value - the payoff. To assume
only ACCEPTANCE is the payoff, is neglecting the important of
measurable failure.
The mindset of the 80s, 90s is being repeated here that was
erroneously written in stone in 2821:
This specification does not further address the
authentication issues associated with SMTP other than to
advocate that useful functionality not be disabled in the
hope of providing some small margin of protection against
an ignorant user who is trying to fake mail.
Lets not repeat, by some estimate, $13-$15 billion world wide, in the
words of Bush "under misestimation". We don't need 1, 2, 5 nor 10
years to realized that mail abuse will not be tolerated. It isn't
today. Why would DKIM make it more tolerable?
--
Sincerely
Hector Santos
http://www.santronics.com
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html