ietf-dkim
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[ietf-dkim] on DKIM as an anti-spam measure

2005-08-16 15:10:03
from [Keith Moore] [Permanent Link] 
BTW, it may help to stop mentioning DKIM as an anti-spam measure,
and only refer to it within the context of the problem it actually
addresses: email identity forgery.  Of course, people will make
inferences that DKIM is an anti-spam measure, but DKIM documents
should not even mention spam.


Mumble.  Perhaps we shouldn't _say_ publicly that DKIM is an anti-spam
measure, but I'm very much of the opinion that DKIM must be constructed
in such a way as to be extensible in ways that could be used to
distinguish unwanted advertising from other mail.  

What I think this means is two things:

1. Authors need to be able to make coded assertions about the nature of
a message's content that can be used as input to spam filters'
decision-making.  DKIM must be capable of signing those assertions.  I
believe DKIM can do this now, though there is some question in my mind
as to whether it is robust enough for non-repudiation.

2. For any kind of reputation service that is based on user reporting
to be reliable, and to make it possible for recipients to prove claims
of abuse by advertisers, and also so that message senders can provide
recipient-specific incentives to read their messages, recipients need
to be able to prove that "this message was sent by <sender-address> to
<my-address>".  I don't think DKIM can do this as it's currently
defined.


The idea is to give "legitimate" advertisers a way to say "here is why
you should accept delivery of this message" and maybe "here is why you
should read this message".   Recipients can do with this as they wish.
Some recipients _need_ to be able to receive advertising of certain
types (and others want to do so) but hardly anyone wants to receive
arbitrary advertising.

In the world I envision, reputation services would not rate whether a
particular sender or domain spammed - but rather, whether a particular
sender or domain accurately labeled their messages, and the degree to
which they could be held accountable for mislabeled messages. 

Keith
_______________________________________________
ietf-dkim mailing list
http://dkim.org
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [ietf-dkim] Not exactly not a threat analysis, Michael Thomas
Next by Date:  Re: [ietf-dkim] on the suitability of the From header field, Keith Moore
Previous by Thread:  Re: [ietf-dkim] on the scope and necessity of threat analysis, SM
Next by Thread:  Re: [ietf-dkim] on DKIM as an anti-spam measure, John Levine
Indexes:  [Date] [Thread] [Top] [All Lists]