ietf-asrg

Re: [Asrg] On assertions

2008-07-29 11:02:07

On Jul 29, 2008, at 10:33 AM, der Mouse wrote:

A self-assertion which has a positive effect on the delivery rate of
the apparent sender is unlikely to be believed, as any crook can make
that assertion, and many will.

It's not quite so clear to me.

A self-assertion on the part of a sender which if believed would have
positive effect on mail _apparently_ from that sender, well, mostly
agreed, but see below.

A self-assertion on the part of a sender which if believed would have
positive effect on mail _actually_ from that sender seems like a
clear-cut case, but it's not quite so simple.  Such assertions are
unlikely to be accepted blindly, but they _can_ be of use in that they
inherit the claimer's reputation: a sender with a good reputation can
usefully make such claims.

I'm talking about simple self-assertions. Once you put a reputation
system into this then it's a completely different game (but, once
there's a reputation system in play then the benefits of positive
self-assertions are... unclear).

If you know through some other means that the actual sender is
trustworthy then there are other possibilities for a receiver to make
some use of assertions that sender makes about a particular piece
of email (as in TEOS) but I'm not sure there's much real world demand
for that.

A self-assertion which has a negative effect on the delivery rate of
the apparent sender of mail is likely to be believed, as there's no
real incentive for the domain owner to publish it, apart from
"because it's true". "I send no mail" is the obvious example of that.

I disagree that there's no incentive to apparent senders to publish
such assertions: it makes them less attractive forgery targets. If the
entity has a good reputation in non-email respects, this may be a
substantial benefit.

Yup. But there's no incentive to make a false negative self-assertion,
in any obvious case I can think of. The benefits are when it's true.

sent in-band perfectly well - it's prima facie false in that case, but
that's not the same thing.  (Admittedly, this is hairsplitting.)

Many other assertions are transmitted in-band "This is a mime
message", "This was sent on this date", "this was sent by this
person", "this is an html message" and so on.

Interesting you mention "this was sent by this person", because that's
an example of a self-assertion that can improve delivery - many
recipients use per-apparent-sender whitelists.  The major reason such
assertions aren't useless in practice, I think, is that the assertion's
effect is recipient-dependent.


The contents of the "From:" address, an smime signature, a dkim
signature, pgp encapsulation and a .sig file are all assertions that
"this was sent by this person".

Some are more trustworthy than others, but they're all useful to
base delivery decisions on - but only after you've tied them into
some sort of reputation system.

Cheers,
  Steve

