Re: [ietf-dkim] Collection of use cases for SSP requirements

2006-11-12 12:58:02
Charles Lindsey wrote:
On Fri, 10 Nov 2006 03:15:55 -0000, Jim Fenton <fenton(_at_)cisco(_dot_)com> 

Very early on (during the WG chartering process), we got input from several people that laws in the EU prohibit an email service provider from honoring instructions from a purported sender to drop messages from others. From what I have been told, the [snail-mail] postal model is followed closely: the delivery agent has an obligation to deliver the message, even if it may be forged. I'm currently trying to get more specifics on whether this is spelled out somewhere, or is just an extrapolation of the delivery of "post". While this could probably be resolved by having those subject to these regulations just not implement message rejection, we didn't want the perception to be that DKIM violates laws in some jurisdictions.

It may very well be that this is OK if the recipient opts-in for this service, or something like that.

I would have thought so.

And I would have thought it extremely bad practice for any ISP to be dropping any mail unless there is a specific opt-in, whether it would be unlawful to do otherwise, or not.

If you go to the message that Pat Peterson wrote that started this thread, that is exactly what some domains would like to do. They consider SSP to be helpful to counter phishing [Please, let's not re-open that question; it has been discussed to death] even if it is ineffective with look-alike domains and such. The requirement for the recipient to opt-in to have unsigned messages from their domains removed diminishes that perceived benefit greatly.