ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] Re: reductio ad hominem

2007-12-07 11:25:40

On Dec 7, 2007, at 9:58 AM, Jim Fenton wrote:

Steve Atkins wrote:

On Dec 7, 2007, at 9:20 AM, Scott Kitterman wrote:

If they do, then Mike's point stands.

If they don't, then phishing is inherently OK.  There really is no
middle
ground.

Fallacy of the excluded middle.

Just because it's OK for people to use some variant on a webmail
interface to send mail "from" their email address does not make it
OK to criminally steal passwords or credit card details.

Some domains don't sanction the use of outside services to send mail
"from" their domain, and have terms of use requiring the use of their
domain's own mail servers to send mail. This is becoming increasingly
commonplace in the corporate world.  If you want to forward a news
article, you're welcome to do so using your personal email address.

That's quite true, though not relevant to the comment you're replying to.

Domains lacking "terms of use" requiring the use of their own mail
servers (which presumably would sign outgoing mail), should not publish SSP other than "unknown", because it is perfectly within a user's rights
to send mail using means that wouldn't get it signed.  It would be
helpful to have this expressed in the Development/Deployment/ Operations
document.

Yes. That sounds like a good thing to have recorded somewhere.

It wouldn't be just "their own mail servers", it would also be those
they'd authorized to send dkim-signed mail on their behalf by one
or other of the usual methods.

Cheers,
  Steve

_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html

<Prev in Thread] Current Thread [Next in Thread>