ietf-dkim

creeping i= (was RE: [ietf-dkim] Responsibility vs. Validity)

2007-11-29 13:05:24
Jon Callas wisely cautioned:

Nonetheless, to step past that and assert that there must be user-level
tracking in DKIM whatever the mechanism, or even that user-level
tracking should be part of best practices is stepping too far. Spam
fighting is not so important that we should erode privacy further than
it is already eroded. It is not so important that we should infringe
upon the sovereignty of a domain and impede its ability to protect its
users.

It also strikes me as odd to assume that a receiver/verifier WANTS to
track individual users (or user-equivalent entities) within the
responsible domain.  That's a ton of extra work, for very little benefit
(from an anti-spam point of view.)

The attack here is obvious: spammers will simply use a new i= per
message, much as they rotate through every other possible identifier.
So, anyone hoping to use i= to identify spammers will be forced to move
back up to d=.

As we continue thinking about this stuff, it's important to remember
that methods for identifying "good" messages don't directly convert to
methods for identifying "bad" messages.

--
J.D. Falk
Receiver Products
Return Path 

_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
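
The point above about a fresh i= per message, shown from the receiver's side as an added example that is not part of the original message: complaint counts keyed on i= never accumulate for a rotating sender, while the same complaints keyed on d= do. The header values are constructed, the b=/bh= values are placeholders, and the function names are hypothetical.

```python
from collections import Counter

# Constructed (DKIM-Signature value, reported-as-spam) pairs, not real traffic.
SAMPLES = [
    ("v=1; a=rsa-sha256; d=bulk.example; s=k1; i=x7f3a@bulk.example; bh=AAAA; b=BBBB", True),
    ("v=1; a=rsa-sha256; d=bulk.example; s=k1; i=q91c0@bulk.example; bh=AAAA; b=BBBB", True),
    ("v=1; a=rsa-sha256; d=bulk.example; s=k1;\r\n i=m20be@mail.bulk.example; bh=AAAA; b=BBBB", True),
    ("v=1; a=rsa-sha256; d=corp.example; s=s1; bh=AAAA; b=BBBB", False),
    ("v=1; a=rsa-sha256; d=corp.example; s=s1; i=alice@corp.example; bh=AAAA; b=BBBB", False),
]

def parse_tags(value):
    """Split a DKIM-Signature tag-list into {tag: value}, dropping folding whitespace."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")  # first "=" only; base64 padding survives
        if sep:
            tags[name.strip()] = "".join(val.split())
    return tags

def identities(value):
    """Return (d, i). An absent i= defaults to "@" + d."""
    tags = parse_tags(value)
    d = tags["d"].lower()
    local, _, i_domain = tags.get("i", "@" + d).rpartition("@")
    i_domain = i_domain.lower()
    # i= must name d= itself or a subdomain of it; anything else is unusable.
    if i_domain != d and not i_domain.endswith("." + d):
        raise ValueError(f"i= domain {i_domain!r} is not within d={d!r}")
    return d, local + "@" + i_domain

def complaint_counts(samples):
    """Count spam reports twice: keyed on i= and keyed on d=."""
    by_i, by_d = Counter(), Counter()
    for value, is_spam in samples:
        d, i = identities(value)
        if is_spam:
            by_i[i] += 1
            by_d[d] += 1
    return by_i, by_d

if __name__ == "__main__":
    by_i, by_d = complaint_counts(SAMPLES)
    print("keyed on i=:", dict(by_i))  # every rotating identity shows one report
    print("keyed on d=:", dict(by_d))  # the responsible domain shows all of them
```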