ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] SSP requirements

2006-08-08 08:35:48

Yet another post that seems (hard to tell) to contain no
new technical points that may help us in working on SSP.

Please desist,
Stephen.

Douglas Otis wrote:
On Tue, 2006-08-08 at 04:55 -0400, Hector Santos wrote:
----- Original Message -----
From: "Mark Delany" <MarkD+dkim(_at_)yahoo-inc(_dot_)com>
To: <ietf-dkim(_at_)mipassoc(_dot_)org>

I will say that that I think that John's DAC venture is exactly what
we had hoped would be an outcome of this process. May there be many
more DAC competitors emerging as DKIM is deployed.
Mark,

But will there be a standard?   Market segment XYZ uses this? Market segment
ABC uses that?

Will DKIM-BASE become a "Batteries Required" protocol?

Bad actors are able to sign with DKIM and establish any favorable
policy.  Good actors may be less inclined to assert the same policy when
it might cause a percentage of their email to be rejected or discarded.
Bad actors already expect many of their messages to be rejected, and
don't care what happens when common services are used.  A bad actor
might try spoofing as a common service, but likely with less success.
An alignment with the From, signing domain, and a policy record will not
curtail spoofed return paths without also causing the loss of valid
emails from good actors.  A DKIM client policy may help, but not the
DKIM From policy.  Even here, there can be no absolute policy asserted
without causing loss of email for a typical good actor.  Don't expect
the bad actor to care.

Devising a set of obstacles through which email is to navigate will not
eliminate a need to track source histories.  Only this history curtails
email from bad actors.  When doing so, this history must track an
unlimited number of domain names.  White-listing may bypass some
messages from the tracking process, however a growing percentage will be
from a highly diverse array of domain names.

Either the goal is to accept email from just the mega-domains (which
will continue to have their abuse issues), or something is planned that
is not apparent. The obstacle course favors the bad over the good actor.
So don't throw out your batteries, they are still needed to retain your
history information.

-Doug



_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html


_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html