On Nov 2, 2005, at 10:32 AM, Scott Kitterman wrote:
On 11/02/2005 13:19, Douglas Otis wrote:
...
...of no signature? This seems to force the use of SSP and
completely ignore the reputation of the signing-domain, does
it not?
That's a feature, not a bug.
Twisting arms? Shifting accountability onto the email-address domain
owner exposes them to all types of abuse well beyond their control
and knowledge. The administrators of systems sending messages have
oversight and ability to take effective action at blocking
compromised accounts spewing malware and other types of abuse.
Holding the email-address domain owner accountable is not fair and
does little to stem the tide.
This system needs to be fair and effective when applied within an
environment occupied by a massive number of compromised systems.
This is once again attempting to devise a scheme where the consumer
of email services must pray their provider protects their domain, but
who will be clueless when they don't. Message replay abuse? Not the
provider's problem.
Binding the email-address to the provider does not offer any real
solution at abating abuse unless the plan is to white-list only a
limited number of providers. It would also seem there is a slogan
"Email-address authorization means it is no longer the
administrator's problem." Providers know they can twist arms and
force email-address domain owners to authorize or have their messages
deleted. Is it funny how the behavior of the actual transport
provider is then ignored?
-Doug
_______________________________________________
ietf-dkim mailing list
http://dkim.org