On August 9, 2005 at 13:13, Dave Crocker wrote:
The intended thought was that having ANY accountable entity -- where the
accountability is meaningful -- improves the likely validity of the other
identity fields.
So, no, I had not intended to make direct validation of From or Sender a prim
ary
goal.
If I understand your goals correctly, you see DKIM mainly defining the
domain owner the accountable entity for messages sent from that domain
versus the author/sender of the message. This implies that the domain
owner has some effective "policing" mechanism of the messages that
come from that domain regardless of who the author/sender is.
The author/sender has no direct accountability, or verifiability,
of their messages, with the exception of whatever domain-defined
accountability mechanism may be in place. I.e. The author/sender
is only accoutable to the owner of the domain it sends message from.
If any messages from a domain are abusive in nature (e.g. phishing),
it is the responsibility of the respective domain owner to address
the offending authors/senders, assuming that not doing so could get
the domain's reputation tarnished.
Since end user recipients do not need DKIM-aware MUAs, determining
which domains are "abusive" are the responsibility of receiving
domain owners.
Am I accurate in my summation?
--ewh
_______________________________________________
ietf-dkim mailing list
ietf-dkim(_at_)mipassoc(_dot_)org
http://mipassoc.org/mailman/listinfo/ietf-dkim