ietf-dkim

Re: [ietf-dkim] on DKIM as an anti-spam measure

2005-08-16 19:39:19
> 1. Authors need to be able to make coded assertions about the nature
> of a message's content that can be used as input to spam filters'
> decision-making.  DKIM must be capable of signing those assertions.

Could you give some examples of these assertions, and how they would
be useful in practice for a spam filter that you would use?  (I'm much
less interested in what some hypothetical person might want than in
stuff that we actually do want.) The Project Lumos spec had all sorts
of fine-grained assertions about messages and senders, and although they
looked very useful for a bulk mailer who wanted recipients to do his
list management for him, none of them were at all useful to recipients.

If you're thinking of assertions like "this is transaction mail" and
"this is list mail", in what ways would you treat messages with those
assertions differently if they're both from a signer you trust?  How
about if they're both from a signer you don't trust?

> recipient-specific incentives to read their messages, recipients need
> to be able to prove that "this message was sent by <sender-address> to
> <my-address>".

Why?  I care a lot about who the sender is.  If the sender has a good
reputation, I want his mail.  This smells a whole lot like the replay
nonsense that I thought we dealt with a few weeks ago.  In theory, I
understand that it's possible that someone might resend messages to
other recipients for hostile purposes.  In practice, I see little
incentive for someone to do so.

> The idea is to give "legitimate" advertisers a way to say "here is why
> you should accept delivery of this message" and maybe "here is why you
> should read this message".
>
> In the world I envision, reputation services would not rate whether a
> particular sender or domain spammed - but rather, whether a particular
> sender or domain accurately labeled their messages, and the degree to
> which they could be held accountable for mislabeled messages.

Yeah, Lumos was all about that.  You know what?  Recipients don't
care.  

If a sender has a good reputation, recipients will take all of their
mail.  If it has a bad reputation, they'll reject it.  I realize that
it is theoretically possible that there could be senders that send
mail that is accurately labelled as UBE, but I have trouble
understanding why anyone would do it, since recipients would still
reject it all.  Why demand a system to support scenarios that aren't
going to happen?

R's,
John
_______________________________________________
ietf-dkim mailing list
http://dkim.org
