ietf-dkim

Re: [ietf-dkim] portable reputation

2008-05-29 07:26:08
One thing we hear a lot about in other contexts is reputation
portability.  If paypal were to create a new service, it would want
to borrow from its reputation.  An ability to express some means at
the domain level would provide for that portability.  Absent that it
has to go through the whole rigmarole all over again.

Well, you know, I think it's convenient for the front and back doors
of my house to share the same key, but that doesn't mean that I also
think that key should unlock every door in the state of New York.

One of the design points of DKIM is that signatures can be from any
domain you control, and that a message can have multiple signatures.
If you want a bunch of mail to share the same reputation, sign it all
with the same domain.  If the From: domain in some or all of the mail
is something else and you want to use ADSP, also sign it with the
From: line domain.  If you want an existing domain's reputation to
port to a new one, maybe you should sign with both for a while.  This
is how we've expected DKIM to work all along.

Reputation portability is indeed important, but I don't see why one
would want to implement it by default fuzzy domain matching, with all
the phish vulnerabilities that opens up, particularly when DKIM
already provides straightforward workable ways to do it.

R's,
John


_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
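
The dual-signing approach described in the message above, as an added example that is not part of the original post: a receiver keys reputation on the exact `d=` domain of each signature and treats the mail as author-signed only when a `d=` equals the From: domain, with no fuzzy matching. The sample message, the domains, the reputation table and the function names are constructed, and the code assumes a DKIM verifier has already validated every signature it sees.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: signed by an established domain and by the new From: domain.
SAMPLE = """\
DKIM-Signature: v=1; a=rsa-sha256; d=established.example; s=sel1;
 h=from:subject; bh=PLACEHOLDER; b=PLACEHOLDER
DKIM-Signature: v=1; a=rsa-sha256; d=newservice.example; s=sel2;
 h=from:subject; bh=PLACEHOLDER; b=PLACEHOLDER
From: Billing <billing@newservice.example>
Subject: constructed sample

body
"""

# Hypothetical receiver-side reputation store, keyed on the exact signing domain.
REPUTATION = {"established.example": "good"}


def signing_domains(msg):
    """Return the d= tag of every DKIM-Signature header, in header order."""
    domains = []
    for value in msg.get_all("DKIM-Signature", []):
        tags = {}
        for part in value.split(";"):
            if "=" in part:
                name, val = part.split("=", 1)
                tags[name.strip()] = "".join(val.split())  # drop folding whitespace
        if "d" in tags:
            domains.append(tags["d"].lower())
    return domains


def classify(raw, reputation):
    """Assumes signatures were already verified; this only compares domains."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    signers = signing_domains(msg)
    return {
        "from_domain": from_domain,
        "signers": signers,
        # Exact string equality only: a similar-looking name earns nothing.
        "author_signed": from_domain in signers,
        "reputation": {d: reputation[d] for d in signers if d in reputation},
    }


if __name__ == "__main__":
    print(classify(SAMPLE, REPUTATION))
```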