John Levine wrote:
One thing we hear a lot about in other contexts is reputation
portability. If paypal were to create a new service, it would want
to borrow from its reputation.
...
Reputation portability is indeed important, but I don't see why one
would want to implement it by default fuzzy domain matching, with all
the phish vulnerabilities that opens up, particularly when DKIM
already provides straightforward workable ways to do it.
Eliot,
Typical discussions about reputation portability have been based on use of IP
Addresses. The need for portability is due to being forced to use different
IP Addresses. Using domain names as identifiers changes the entire game. For
one thing, it permits the reputation to be based on a far more stable
identifier.
To whatever extent we want reputations to be able to be "portable" we need to
make sure it does not conflict with desires to keep them separate.
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html