ietf-asrg
[Top] [All Lists]

Re: [Asrg] where the message originated

2009-01-12 06:52:42
Assuming DKIM gets traction, I can see that kiosk vendors will sign
 all their mail  with the kiosk's domain which will, with luck, get
 a good enough reputation that receivers will say, oh, that's
KioskCo, their mail is OK.

However, anyone can write "Gordon Peterson <gep2(_at_)terabites(_dot_)com>" on
that box's return address field. Do we really want that to be signed?

Signed by KioskCo?  Of course.  It really did come from their kiosk.
The whole point of DKIM is that that people can reliably take
responsibility for the mail that passes through their systems,
independent of the addresses in the visible headers or the SMTP
envelope.  I have no idea what kind of anti-abuse techniques KioskCo
might use, but if they're effective, why shouldn't people accept their
mail?

My point was that if all of KisokCo's kiosks apply the same signature,
that will be a large enough mailstream that recipients can form an
opinion of how good it is, even though the stream from each individual
kiosk would be too small.

R's,
John
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg