--On 19 August 2010 12:29:35 -0400 Hector Santos <hsantos(_at_)isdg(_dot_)net>
DKIM signing clearly defines who takes responsibility for
signing an email
Responsible for what? Can I get sued when something goes wrong?
If you're doing stuff that's illegal, then your DKIM signature makes it
easier to prove a law suit against you. Similarly, if you're not doing
anything illegal, then your signature could provide evidence of tampering
by the recipient or a third party.
ADSP is only useful if it is implemented by draconian senders
like financial emailers who really really want all malformed
dkim signatures to be dropped regardless of consequences
Draconian? Maybe they don't to get sued when the new signer
ignorantly ignores policy and resigns the mail thus passing the
responsibility buck. You know the "You break, you own" pottery
principle. PAYPAL was pretty smart to put a official RFC sanctioned
technological disclaimer out there.
Yes, I wouldn't call an ADSP user draconian. Defensive (in a neutral
There is NO filtering usefulness using DKIM as it is
not reputation based. It does give one the ability to slow
down spoofing. If the signature matches then indeed the sending
ISP did in fact send it
But what if it didn't match? Do you continue sending potentially
Actually, there is filtering usefulness in DKIM, because it can be used in
conjunction with a reputation database.
Now why would anyone make time to evangelize against a
protocol at a conference is beyond me unless it was SPF :-)
Maybe because for so long everyone heard about how great DKIM is, with
years of no real proof or payoff shown, and now the conference
sponsors decided to add an opposing viewpoint or a viewpoint that
might suggest where there might be a payoff with DKIM.
IT Services, University of Sussex
For new support requests, see http://www.sussex.ac.uk/its/help/
NOTE WELL: This list operates according to