> If the DKIM specification explicitly states that it provides an
> accountable identity for a message without mentioning what is
> involved for being accountable, then you may get adoption problems.

That hasn't been a problem up to now. I get the impression that most
people anticipate doing triage like I suggested a few messages back,
whitelist the ones with good reps, blacklist the ones with bad reps, do
nothing special to the ones with no rep.

> To better facilitate the functioning of these systems, the role of the
> signer should be captured.

I find this assertion far from self-evident. Sure, if we could collect
more info about messages at no cost with perfect reliability, that would
be nice. But we can't. Can we collect enough that what we get is worth
the hassle of collecting it and the mistakes when it's wrong? I see no
reason to think so, and I specifically do not believe that it is possible
to get signers to reliably describe their roles. Even in the trivial
looking case where the signer and the return address are in the same
domain, you don't know how many agents are lurking within that domain, and
there's little reason to believe what they say about themselves.

> Should a forwarder (e.g. college alumni permanent address service) have
> the same level of accountability as the originating domain (the domain
> that received the initial submission of a message)?

I don't see why not. If they're sending me mail, they should be
accountable, and if it's spam, I'm not happy about it. It's possible that
since I asked the alumni assn. to send me the mail, I may accept it even
if it's mostly forwarded spam (it is and I do, at the moment), but that's
a local decision about reputation, not accountability.
Regards,
John Levine, johnl(_at_)iecc(_dot_)com, Primary Perpetrator of "The Internet
for Dummies",
Information Superhighwayman wanna-be, http://iecc.com/johnl, Mayor
"I dropped the toothpaste", said Tom, crestfallenly.
_______________________________________________
ietf-dkim mailing list
http://dkim.org