
Re: [ietf-dkim] Keys vs. Reputation

2006-08-22 07:54:36
On 8/22/06, Douglas Otis <dotis(_at_)mail-abuse(_dot_)org> wrote:
> On Tue, 2006-08-22 at 05:54 -0400, Hector Santos wrote:
> >
> > But 99% of the time, or let's just say it is expected police protocol
> > and practice for a traffic stop, that if there is a problem with your
> > driver's license; the photo, the sex, age, height, etc., it is simply
> > not quite consistent with what he is seeing in reality, at this
> > point there is increased scrutiny, and by police protocol and practice
> > he should radio the HQ database (i.e., Reputation Service) to find out
> > if there is anything bad or new to find out about you or the vehicle you
> > are driving.
>
> Most bad actors are not fools. Playing a hard-nosed cop will block vastly
> more legitimate email than spoofing attempts. Due to look-alike and
> internationalization issues, the ultimate solution cannot rely upon
> failed concepts that attempt to impose a problematic authorization
> scheme. Who can afford an increase in phone calls and complaints anyway?
>
> 2822.From policy is best used to indicate which 2822.From addresses are
> valid. With DKIM and this policy, the number of messages that can be
> discerned to have a valid 2822.From address can greatly increase without
> imposing hardships. Policy does this by permitting autonomous
> administration. When the MUAs annotate messages that are both found in
> the Address Book and appear to be signed with valid 2822.From
> addresses, look-alike and internationalization exploits will have been
> thwarted. This prevention does not rely upon a reputation or an
> authorization scheme.
>
> A great deal of legitimate email will not be assured to have a valid
> 2822.From address. Over time that may change. Nevertheless, DKIM can
> restore trust in the 2822.From address, especially for critical
> messages. This trust must not be based upon visual examination. The
> bad actors are too good at creating forgeries. The MUA must implement
> the final check at the highest resolution possible. The MTA cannot
> achieve the same level of scrutiny.
>
> Perhaps a 2821.MAIL_FROM policy of a designated domain list can provide
> an association with the DKIM signing domain. These associations could
> improve upon the MTA triage process without DoS concerns, but not as a
> type of authorization scheme and without the badges. : )

Wow, that was a lot of typing to try and convince me that everyone
hates more phone calls and trouble tickets and therefore we should
punt.
Are you saying that you see NO value in it, or so little value that it
would be statistically insignificant?
Remember, it is OPTIONAL.

Regards,
Damon Sauer
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html