Douglas Otis wrote:
> Defensive strategies must find a different identifier assured by the
> domain as a unique basis for locating trouble. This is simply being
> pragmatic, but this new identifier will not impact the way email
> operates, as would adding constraints on the mailbox-domains. MASS
> should adhere to an oath that above all, do no harm to remove all
> excuses. : )

You can't stop forgery without stopping forgery. Some things that are
perhaps technically forgery are considered desirable. Other things
that aren't forgery might be affected by forgery prevention protocols.
I'm not on a 5-10 year timetable that says things get better after the
whole world upgrades.
I don't believe it is possible to have any near-term positive effect
without also having some potential for near-term harm. DKIM should
allow for restrictive policies for domain owners that are willing to
live with the side effects of those policies.
I ask you which would be worse for a commonly phished domain, that their
messages would fail verification if sent to a mailing list or that
forgeries of their domain would continue to be delivered to end users?
I expect that many domains would be willing to give up mailing lists for
a way to enable receivers to detect and reject forgery of their domain
during the SMTP session.
I think it's DKIM's job to give them the choice and the information to
make an informed decision.
First do no harm is fine if the patient isn't dying already.
Scott Kitterman
_______________________________________________
ietf-dkim mailing list
http://dkim.org