ietf-dkim

Re: [ietf-dkim] Not exactly not a threat analysis

2005-08-23 21:02:34
domainkeys-feedbackbase02(_at_)yahoo(_dot_)com wrote:
--- Scott Kitterman <ietf-dkim(_at_)kitterman(_dot_)com> wrote:

So in your view, what is the accountability entity for a message sent to you, the MUA/MSA/MTA that signed the message or the MTA that sent you the message if they aren't the same?


One definition of accountability might be: which party is best able to stop the
traffic if you don't want it.

Is stopping the traffic at a forwarder as useful as stopping the traffic at its
source?

I think a well-behaved forwarder is effectively transparent in the
responsibility chain as they are solely acting on the instructions of the final
recipient. In a sense, they are about as responsible as your LDA.

Another definition of accountability might be: who should I sue over the
traffic? Again, is it as useful to sue the forwarder or is the originator the
party you really want to take to court?

Given that forwarders do not create content I would categorize them as
competent or incompetent rather than responsible or not responsible.

I guess that depends on exactly what we are talking about. Some messages are pretty well inherently abusive, while for others it depends on the context.

If it's a message that has some inherent characteristic that makes it abusive (it's fraudulent, for example), then going to the source makes perfect sense.

If it's a message that is not inherently abusive, but unwanted by a particular recipient, then I think it's not so clear. Was the message delivered to the recipient that didn't want it because of an action of the sender, the receiver, or some third party? The signature tells you nothing about that.

Frankly, all this discussion about let's go get the guy that signed the message makes me really wonder why I would ever want to sign a message. Back to my hobby horse of the week for a moment: unless you offer a benefit to the sender, they won't sign. To me, being able to protect my domain name in a deterministic way would be a benefit potentially worth taking some risk for. Getting on a whitelist or being subject to some third party proprietary reputation voodoo doesn't get my blood moving.

Scott Kitterman
_______________________________________________
ietf-dkim mailing list
http://dkim.org
