On Oct 6, 2005, at 12:43 PM, Dave Crocker wrote:
The threat analysis characterizes the bad acts as the spoofing of
email addresses.
I send very obnoxious mail.
You do not want to receive my mail.
DKIM is extremely helpful for this scenario because the negative
reputation that you have assigned to my identity (errr... domain)
can now be reliably and accurately applied.
You could not do that so safely in the past.
With DKIM you still can not prevent an obnoxious sender who is using
a domain that also permits various mail-addresses, unless you want to
block all of yahoo.com for example. Include the opaque-identifier
concept, and then you could block the obnoxious individual
independent of the mail-address being used at the time or the size of
the domain. : )
I don't think you are suggesting that everyone must now only use the
mail-address provided by the immediate provider. I see that you
don't. : )
Deal with the replay problem and DKIM allows reputation to be
extended to the domain name rather than just the IP address of the
client. Much of the grief occurs when there is unintended collateral
blocking. When done using the opaque-identifier, then you also have
your desired feature.
-Doug
_______________________________________________
ietf-dkim mailing list
http://dkim.org