domainkeys-feedbackbase02(_at_)yahoo(_dot_)com wrote:
--- Scott Kitterman <ietf-dkim(_at_)kitterman(_dot_)com> wrote:
So in your view, what is the accountability entity for a message sent to
you, the MUA/MSA/MTA that signed the message or the MTA that sent you
the message if they aren't the same?
One definition of accountability might be; which party is best able to stop the
traffic if you don't want it.
Is stopping the traffic at a forwarder as useful as stopping the traffic at its
source?
I think a well-behaved forwarder is effectively transparent in the
responsibility chain as they are solely acting on the instructions of the final
recipient. In a sense, they are about as responsible as your LDA.
Another definition of accountability might be; who should I sue over the
traffic? Again, is it as useful to sue the forwarder or is the originator the
party you really want to take to court?
Given that forwarders do not create content I would categorize them as
competent or incompetent rather than responsible or not responsible.
I guess that depends on exactly what we are talking about. Some
messages are pretty well inherently abusive while others it depends on
the context.
If it's a message that has some inherent characteristic that makes it
abusive (it's fradulent for example), then going to the source makes
perfect sense.
If it's a message that is not inherently abusive, but unwanted by a
particular recipient, then I think it's not so clear. Was the message
delivered to the recipient that didn't want it because of an action of
the sender, the receiver, or some third party? The signature tells you
nothing about that.
Frankly all this discussion about let's go get the guy that signed the
message makes me really wonder why I would ever want to sign a message.
Back to my hobby horse of the week for a moment, unless you offer a
benifit to the sender, they won't sign. To me being able to protect my
domain name in a deterministic way would be a benifit potentially worth
taking some risk for. Getting on a whitelist or being subject to some
third party proprietary reputation vodoo doesn't get my blood moving.
Scott Kitterman
_______________________________________________
ietf-dkim mailing list
http://dkim.org