ietf-dkim
[Top] [All Lists]

RE: [ietf-dkim] The URL to my paper describing the DKIM policy options

2006-07-27 17:14:58
As an example, an ISP that has 10k business customers who potentially
will want signed mail a
Commercial.isp.com signing domain would assert
I only sign 3rd party
Using current software I would only sign customers that have been
pre-approved. If those customers SPAM for whatever reason, neglect or
deliberate I now have a more accurate method of shutting them off. Abuse
is reported to me as the signer, I then using internal policies fix the
problem. Makes me a somewhat better ISP citizen.
Thanks,
Bill


Bill Oxley 
Messaging Engineer 
Cox Communications, Inc. 
Alpharetta GA 
404-847-6397 
bill(_dot_)oxley(_at_)cox(_dot_)com 

-----Original Message-----
From: ietf-dkim-bounces(_at_)mipassoc(_dot_)org
[mailto:ietf-dkim-bounces(_at_)mipassoc(_dot_)org] On Behalf Of Jim Fenton
Sent: Thursday, July 27, 2006 7:34 PM
To: Scott Kitterman
Cc: ietf-dkim(_at_)mipassoc(_dot_)org
Subject: Re: [ietf-dkim] The URL to my paper describing the DKIM policy
options

Scott Kitterman wrote:
On Thursday 27 July 2006 14:00, Bill(_dot_)Oxley(_at_)cox(_dot_)com wrote:
  
My requirements

I sign all
I sign nothing
I sign only 3rd party
I sign all and 3rd party
I sign some mail


My Policy/Practice

I sign all - every piece of mail purported to be from me must be
signed

    
Must be signed by you are must be signed by anybody.  If the latter,
it's 
trivially spoofable unless you have a list of others that are
authorized to 
sign.
  
Sure; third-party signatures will have a bigger dependence on
reputation/accreditation/whitelists/etc. than originator signatures.

Using cisco.com as an example, how would we create a list of others that
are authorized to sign?  We have people using mailing lists, "mail this
article to a friend", and similar services all over the place.  There's
no way that we could catalog a complete list.  However, we might want to
white list a bunch of likely-reliable signing domains (e.g., ietf.org,
mipassoc.org and maybe nytimes.com) and treat these messages with less
scrutiny.

-Jim
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html

_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html

<Prev in Thread] Current Thread [Next in Thread>