dkim-ops
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [dkim-ops] hammering with a soldering iron, was subdomain vs. cousin domain

2010-09-13 14:40:05
from [MH Michael Hammer (5304)] [Permanent Link] 



-----Original Message-----
From: dkim-ops-bounces(_at_)mipassoc(_dot_)org

[mailto:dkim-ops-bounces(_at_)mipassoc(_dot_)org]

On Behalf Of Murray S. Kucherawy
Sent: Monday, September 13, 2010 1:06 PM
To: dkim-ops(_at_)mipassoc(_dot_)org
Subject: Re: [dkim-ops] hammering with a soldering iron, was subdomain

vs.

cousin domain


-----Original Message-----
From: dkim-ops-bounces(_at_)mipassoc(_dot_)org [mailto:dkim-ops-
bounces(_at_)mipassoc(_dot_)org] On Behalf Of Hector Santos
Sent: Monday, September 13, 2010 9:58 AM
To: dkim-ops(_at_)mipassoc(_dot_)org
Subject: Re: [dkim-ops] hammering with a soldering iron, was

subdomain

vs. cousin domain

No Murray. But perhaps someone should be because the responsibility

is

now once again shifted from the passive 3rd party signer back to the
visible 1st party 8222.From equal d= domain transaction.  As far as
the potential millions of potential receivers are concern, the

Author

Domain is once again responsible for signing the message.


And rightly so, in this scenario.  But even if it's a visible

third-party

delegation, now the From: is associated with a third-party and a bad
signature.  Are you saying that's better?  If so, based on what?


Worst, when the signature fails, the wrong domain brand and unknown
reputation scoring across receivers is negatively hurt.


That would be a poor implementation.  A failed signature is supposed

to be

treated as no signature.



Murray, 

I think your last comment is perhaps the most interesting one. As John
Levine frequently reminds us as he invokes King Canute, we cannot tell
receivers what to do. I don't know if this association exists, but if
receivers find an association between failed signatures and malicious
email I can just about guarantee you that they will take advantage of
that data point..... Regardless of what the standard says. Bottom line,
a failed signature will be treated in accordance with those things that
a failed signature is perceived to be associated with.

I don't know if we got it "right" in saying how a failed signature
should be treated. Only time will tell.

Mike

_______________________________________________
dkim-ops mailing list
dkim-ops(_at_)mipassoc(_dot_)org
http://mipassoc.org/mailman/listinfo/dkim-ops
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [dkim-ops] BCP for authorizing third-parties ([...] was subdomain vs. cousin domain), Murray S. Kucherawy
Next by Date:  Re: [dkim-ops] BCP for authorizing third-parties ([...] was subdomain vs. cousin domain), MH Michael Hammer (5304)
Previous by Thread:  Re: [dkim-ops] hammering with a soldering iron, was subdomain vs. cousin domain, Hector Santos
Next by Thread:  Re: [dkim-ops] hammering with a soldering iron, was subdomain vs. cousin domain, Murray S. Kucherawy
Indexes:  [Date] [Thread] [Top] [All Lists]