On 7/16/10 7:11 AM, Ian Eiloart wrote:
> Yes, but why ask on a DKIM mailing list? I speculate that Dave wants
> to modify it to build a reputation engine based on Author address, for
> DKIM signed messages. With that, you don't have to forgive bad apples
> just because they share an IP address with lots of good senders. Add
> in reputation for envelope sender addresses when SPF passes, and you
> have a *per sender* reputation database for (for us) the majority of
> inbound mail (that's passed IP reputation tests).

Clearly, your suggestion is not related to DKIM, which makes no identity
claim beyond the signing domain. In addition, the charter for this
working group excludes consideration of reputation and individual
identities, which appears justified.

If I had to guess, I suspect it was intended to solve ADSP's inability
to fully constrain the use of a domain. Even with a very rapid response
from a sender-specific reputation scheme, such as VBR, bot-nets can
modulate source identities at a rate that tends to make reputation
schemes futile. A scheme that attempts to include individual users
would be encumbered with a massive database, making the process slower
and even more vulnerable. A well-targeted phishing campaign making use
of a sub-domain that permits the use of mailing-lists will not trigger
any feedback, since the messages would appear to be compliant with ADSP.

-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html