John Levine wrote:
However, anyone can write "Gordon Peterson <gep2(_at_)terabites(_dot_)com>" on
that box's return address field. Do we really want that to be signed?
Signed by KioskCo? Of course.
Hm.. I'm not much into DKIM. It technically allows to sign false
identities, but doesn't (or shouldn't) it semantically imply that the
signers must have some (possibly small but still positive) degree of
trust that what they sign is correct? In that case the question is
whether KioskCo would really want to sign that, and publish their
slyness in their policy.
My point was that if all of KisokCo's kiosks apply the same signature,
that will be a large enough mailstream that recipients can form an
opinion of how good it is, even though the stream from each individual
kiosk would be too small.
Although a critical mass is a common requirement of most anti-spam
measures, requiring some kind of threshold for each single sender is
more of a weakness.
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg