ietf-dkim

Re: accept, deny, or other delivery decisions (was Re: [ietf-dkim]SSP= FAILURE DETECTION)

2006-09-11 19:12:38

----- Original Message -----
From: "J.D. Falk" <jdfalk(_at_)yahoo-inc(_dot_)com>

In what way?

IP address is an input.  Each URL in the message is an input.
Virus scanning results on attachments are an input.
Filtering hasn't been binary for years.

Not sure of the "binary" relationship, but these are different ideas.
A) it's not part of the scope, and neither is reputation, b) some of the ideas
above are based on BAD filtering, not GOOD.

But what I was looking for is how it relates to the DKIM-BASE specification.

     result1 = Yahoo(DKIM-BASE,LOCAL_POLICY_UNKNOWS)
     result2 = Aol(DKIM-BASE,LOCAL_POLICY_UNKNOWS)
     ...
     resultN = TheWorld(DKIM-BASE,LOCAL_POLICY_UNKNOWS)

You now have the potential for varying results.

Since DKIM-BASE has an IGNORE FAILURE mandate, you are left with a GOOD
acceptance concept. Not bad.

In short, you would be ignoring all the most obvious loopholes that are
possible with DKIM-BASE failures.

And on a product manager to product manager basis, since you are now
introducing an external DKIM variable about "Domain Responsible" into your
scoring, you now have a new level of possible product liability issues at
the receiver level.  Now you have to be more careful about displaying a
"Star or Good DKIM Mail Seal". I would suggest running it by your chief
counsel again.

If there a consistent ACCEPT, DENY and DELIVERY DECISIONS method
so that when XYZ.COM sends signed mail to users at YAHOO.COM and
AOL.COM, you don't get inconsistent results?

Could you rephrase the question?

Sorry, that should have started with "Is there...."

In short, what I wrote above with a domain achieving different DKIM-BASE
results depending on which DKIM-BASE only systems it sends its mail to.

There are so many issues with this DKIM-BASE + LOCAL POLICY
UNKNOWN that I find it hard to see how it justifies the risk of
signing.

Good thing signing is optional, then, huh?

You would think.

But is it really optional with the 3rd party DKIM appliance boxes and 3rd
party service bureaus and ISP/ASP/ESP blindly signing mail?

What is the input value when Yahoo receives a 3rd party signed mail from
a domain that only expects its own signature?  Does that say the DOMAIN is ok
if the 3rd party signature passes?

Don't get me wrong.  Reputation is always a good idea for receivers, but I
see that as completely different and it doesn't address the DKIM protocol
consistency problems.


