--- Eric Rescorla <ekr(_at_)networkresonance(_dot_)com> wrote:
Scott Kitterman <scott(_at_)kitterman(_dot_)com> wrote:
That may be true from the receiver's perspective. From the
perspective the primary value of reducing identity forgery is defensive.
a sender, what I want is for the forger/spammer to use some domain other
than mine or the ones I'm responsible for. If signing with DKIM and
publishing a policy saying that all messages are signed with DKIM provides
sufficient deterrent for the forger/spammer to go elsewhere, then from the
sender's perspective it's a victory. It's the flip side of the same coin.

I see your point but I don't consider this to really be the important
factor. The primary cost to the (alleged) sender of forged spam is
the cost of processing bounces

Not at all. Processing bounces is a mere matter of computing resources that
readily funded by high value domains. Does the cost of handling a billion
bounces per day have an impact on the bottom line of BankOfAmerica, I doubt
Scott's point, I think, is that he wants to protect the reputation of a high
value domain by making sure that only that high value domain can use that
identity. He is happy to let the scammers/phishers move to less protected

Can you explain what "protect the reputation of a high value domain" means
in this context?