On Fri, 4 May 2007, Douglas Otis wrote:
> One still can't safely infer that [some]@example.com email-address is
> genuine, even when signing and email-address domains match.

...nor did DKIM ever claim such.

> This overlooks rather complex issues of safely communicating to the user
> the set of conditions considered necessary upon which trust is based.

It assigns the handling of such complex issues to the system
administrator, who is at least in part responsible for local policy
definition and enforcement rather than the user.

I don't expect my users to understand DKIM or its implications, but I do
expect myself (as my domain's administrator) to understand them and pass
that benefit on somehow by simplifying it as much as possible.

> In addition, such trust makes an assumption that the signing domain is
> performing email-address validation. That assumption is not based upon
> any sender assurances.

No, it's making the assertion that I don't care about local-parts when
they come from domains that sign and then successfully verify using DKIM.
I don't know what local-parts might be valid or invalid, but to some
extent I don't care either.

DKIM renders difficult the spoofing of domain names on e-mail. What
you're talking about is preventing spoofing even of local-parts. While it
can't hurt to have such a capability, I don't find its absence to be much
of a showstopper either.

-MSK
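
The domain-level local policy discussed in this message, sketched as an added example (not code from the original post or from any DKIM implementation). It assumes a DKIM verifier has already checked the signature and passes the outcome in as `signature_verified`; the function names, decision labels and sample message are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr


def parse_tag_list(value):
    """Parse a DKIM-Signature 'tag=value; tag=value' list into a dict."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:  # skip empty trailing segments
            tags[name.strip()] = val.strip()
    return tags


def domain_policy(raw_message, signature_verified):
    """Classify a message by signing domain only; the local-part is ignored.

    signature_verified is the result from a real DKIM verifier (assumed
    input; no cryptographic check is done here).
    """
    msg = message_from_string(raw_message)
    _, addr = parseaddr(msg.get("From", ""))
    _local, _, from_domain = addr.rpartition("@")
    from_domain = from_domain.lower()

    sig = msg.get("DKIM-Signature")
    if not sig or not signature_verified:
        return {"from_domain": from_domain, "signing_domain": None,
                "decision": "unsigned-or-failed"}

    d = parse_tag_list(sig).get("d", "").lower()
    # A verified signature vouches for the domain, not for the mailbox:
    # whether the local-part exists is the signing domain's business.
    aligned = bool(d) and d == from_domain
    return {"from_domain": from_domain, "signing_domain": d,
            "decision": "domain-verified" if aligned else "third-party-signature"}


# Constructed sample message; bh= and b= are placeholders, not real values.
SAMPLE = (
    "DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel1;\n"
    "\th=from:to:subject; bh=PLACEHOLDER; b=PLACEHOLDER\n"
    "From: {local}@{domain}\n"
    "To: user@example.net\n"
    "Subject: test\n\nbody\n"
)

if __name__ == "__main__":
    for local in ("alice", "no-such-user"):
        print(local, domain_policy(SAMPLE.format(local=local, domain="example.com"), True))
```
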