On 12/7/06, John Glube <john(_dot_)glube(_at_)gmail(_dot_)com> wrote:
> > For an e-mail application service provider, (ESP), one way
> > to do this is for that entity to sign the RFC 2822 sender
> > header.
> >
What if I don't want you to. (see reasoning below)
> > By doing so, the ESP says "I, ESP am the entity sending
> > this email on behalf of my client, List (identified in the
> > RFC 2822 from header) and as such an identity that is
> > associated with that email and can be held accountable."
> >
So if a spammer invades a third party (ESP, ISP, ASP,
ISP->ASP) I have a conundrum... how do I distrust gmail or AOL?? Sure,
I could flip the switch but realistically, who is going to do that?
Which is why I don't want my 'as a sender' email signed by the
service. Their sig isn't worth the bits used to inject it- especially
not compared to my wholesome image.
ESPs would love to avoid responsibility, but ... you can't.
But you can't really block them either can you :)
True, the client provides the message content and the email
address for the from header.
Yes, at least one receiving network likes to see one list per
IP address.
True, the email addresses collected by the client through use of
the ESP's facility are property of the client.
Most ESPs allow clients to import data and send mail to
their lists using the ESP's facilities.
(BigHip does not, but that is another story.)
Hence the traditional "pass through" argument.
But, that "approach" allows ESPs to avoid responsibility
for the abuse coming from their network when for
example the client imports and mails to a "bad list."
But I can't 'force' the issue by distrusting the ESP's sig... when who
we REALLY want to trust is 'The' sender
In turn, this refusal to take responsibility in general
is one of the underlying reasons why we are in today's
mess.
Amen.
In my view it is simple. Folks must be responsible for their
own backyard.
And if it actually happened we wouldn't be here :)
Therefore, in simplistic terms:
The ESP is responsible to the Net to stop abuse
coming from its network.
The ESP is accountable to the Net to respond to
complaints of abuse coming from its network.
.. and they all lived happily ever after. (You forgot to end your fairytale :)
It is therefore appropriate in most cases that the
ESP is authorized to sign for mail sent from its
Network on behalf of its clients using the sender
header because the ESP is the responsible and
accountable party to the Net.
John
John Glube
BigHip - Abuse / Compliance
_______________________________________________
Regards,
Damon Sauer
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html