I was at Michael Barrett's (PayPal CISO) talk yesterday morning. He
said that the early gains they have made have been with DomainKeys, but
said quite clearly that "the future is definitely with DKIM" (or words
to that effect).
He said that Yahoo! had blocked 50 million messages allegedly from
paypal.com as a result of the lack of a signature.
He said a lot about SSP (I didn't correct him on the name, but of course
he means ADSP). He had described the arrangement they have with Yahoo!,
and how they would like to have such arrangements with a lot of other
ISPs and how there many other domains like them that would also like to
do so, and that SSP is needed in order to allow this process to scale.
I haven't read the whitepaper yet.
-Jim
Murray S. Kucherawy wrote:
Sorry, I wasn't done yet.
The main reason I wanted to share this with the working group is to point
out that we got some confused people at RSA asking us why we're going with
DKIM and not DomainKeys in light of the content of this paper.
I wonder if it would be prudent to (somehow) make a statement clarifying
that the experiment therein described was begun before RFC4871 was issued,
and thus before DKIM enjoyed any kind of real deployment. Or something
like that. Ideally that would come from PayPal but I don't know that we
have any direct participation from them here.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html