On Jun 1, 2006, at 9:41 AM, Dan Oetting wrote:
On May 31, 2006, at 10:52 PM, Walter Dnes wrote:
It may help to preemptively address the forgery issue if the ISP
were to insure that the From address were valid before signing the
message. But this is an issue between the ISP and the user. If an
ISP is going to allow forged addresses why would their signature
verifying the address make any difference?
Real-life question...
1) How does any ISP (beyond a really small geek outfit) verify that I
am authorized to use *(_at_)waltdnes(_dot_)org ?
A simple verification procedure would be to quarantine outgoing
email with unknown From addresses until the owner responded to a
confirmation request. This would present a difficulty for you if
you used a different From address for every outgoing email. The ISP
may decide to only verify your authorization once for any domain
and assume that any internal squabbles for forgeries within a
domain are someone else's problem.
Note that here I am only talking about an ISP preventing forged
addresses from being sent from their mail servers for which they
would be blamed. This part has nothing directly to do with DKIM
signatures.
There is an optional DKIM i= extension that defaults to a
@<signing-domain> template. The i= identity could be used to narrow the
qualified source of subscribed messages. When there is a specific
email-address noted in the i= extension, there could be reason to
presume the related email-address has been verified in some manner as
belonging to the account granted access. When this account is used
by a large organization, resolution at the individual may remain
doubtful.
-Doug
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
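
Added example, not part of the original message and not taken from any DKIM implementation: a sketch of how a verifier could read the i= identity discussed above, apply the @<signing-domain> default when i= is absent, and tell a domain-wide identity from one that names a specific mailbox. The function names, the `.example` domains and the sample headers are constructed for illustration; signature verification itself and quoted-printable decoding of i= are out of scope.

```python
import re

def parse_tags(header_value):
    """Split a DKIM-Signature tag=value list into a dict, folding out whitespace."""
    tags = {}
    for part in header_value.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = re.sub(r"\s+", "", value)
    return tags

def signing_identity(tags):
    """Return (local_part, domain) of i=, defaulting to '@' + d= when i= is absent."""
    d = tags["d"].lower()
    local, _, domain = tags.get("i", "@" + d).rpartition("@")
    domain = domain.lower()
    # The i= domain must be the signing domain or one of its subdomains.
    if domain != d and not domain.endswith("." + d):
        raise ValueError("i= domain %r is outside signing domain %r" % (domain, d))
    return local, domain

def classify_from(header_value, from_addr):
    """Report how much the signing identity says about the From address."""
    local, domain = signing_identity(parse_tags(header_value))
    f_local, _, f_domain = from_addr.rpartition("@")
    if f_domain.lower() != domain:
        return "unrelated"          # signature does not speak for this domain
    if local == "":
        return "domain-only"        # default template: no individual is named
    return "mailbox-match" if local == f_local else "mailbox-mismatch"

# Constructed sample headers; bh= and b= are placeholders, not real values.
SIG_DEFAULT = "v=1; a=rsa-sha256; d=isp.example; s=sel1; h=from:to; bh=PLACEHOLDER; b=PLACEHOLDER"
SIG_MAILBOX = "v=1; a=rsa-sha256; d=isp.example; i=walter@isp.example; s=sel1; bh=PLACEHOLDER; b=PLACEHOLDER"
SIG_BAD = "v=1; d=isp.example; i=@other.example; s=sel1; bh=PLACEHOLDER; b=PLACEHOLDER"

if __name__ == "__main__":
    for sig, addr in [(SIG_DEFAULT, "walter@isp.example"),
                      (SIG_MAILBOX, "walter@isp.example"),
                      (SIG_MAILBOX, "someone@isp.example"),
                      (SIG_DEFAULT, "walter@waltdnes.example")]:
        print(addr, "->", classify_from(sig, addr))
```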