ietf-asrg
[Top] [All Lists]

Re: [Asrg] where the message originated

2009-01-12 10:42:26

On Jan 12, 2009, at 4:44 AM, Alessandro Vesely wrote:

John Levine wrote:
However, anyone can write "Gordon Peterson <gep2(_at_)terabites(_dot_)com>" on
that box's return address field. Do we really want that to be signed?
Signed by KioskCo?  Of course.

Hm.. I'm not much into DKIM. It technically allows to sign false identities, but doesn't (or shouldn't) it semantically imply that the signers must have some (possibly small but still positive) degree of trust that what they sign is correct?

No. The signature only means that the message you received was the one signed by the signing identity.

In that case the question is whether KioskCo would really want to sign that, and publish their slyness in their policy.

My point was that if all of KisokCo's kiosks apply the same signature,
that will be a large enough mailstream that recipients can form an
opinion of how good it is, even though the stream from each individual
kiosk would be too small.

Although a critical mass is a common requirement of most anti-spam measures, requiring some kind of threshold for each single sender is more of a weakness.

Any mail system that only allows mail to be sent one at a time, and requires that the mail be hand-typed (rather than stored in a signature or pasted in) and which charges for the service via a credit card is going to be a negligible source of abusive email.

KioskCo is definitely going to want to sign the outbound mail with their identity, as that identity is unlikely to get a bad reputation and will likely get a good reputation over time.

Worst case, DKIM signing the mail will have no effect. More likely it will have some positive effect at some recipients. It's a nice example of why DKIM signing even low volume sources of mail can be a good idea, if they have the resources to actually do the signing.

Cheers,
  Steve

_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg