On Nov 16, 2005, at 12:47 PM, Stephen Farrell wrote:
A claim made in the charter of detecting spoofing depends upon a
comparison of the signing-domain with the email-address domain.
There is no such absolute claim that I can see in the draft
charter [1].
The charter still offers justification for pursuing constraints on
the email-address. That aspect should be removed from the charter
and deferred to permit broader consensus independent of the DKIM
effort. In the meantime, the base DKIM can developed and deployed.
To offer a comprehensive solution for sites where transactional email
is being commonly spoofed, a BCP should be created perhaps in
cooperation with the APWG. Several criteria could then be applied,
where one should include DKIM signatures. The fastest effective
response to the ongoing problem would be to dedicate a zone and list
those domains that indicate they are in compliance in the BCP. We or
others could offer that service as a means to expedite DKIM
development. : )
-Doug
_______________________________________________
ietf-dkim mailing list
http://dkim.org