Eliot Lear wrote:
Hi Murray,
On 10/1/09 10:27 PM, Murray S. Kucherawy wrote:
How can one forget that which was never true to begin with?
The working group and its antecedents, as far as I'm aware, have always been
pretty adamant about the fact that reducing spam has never been one of its
goals.
I think it was the goal of many who participated to reduce spam. That
having been said, DKIM by itself cannot reduce spam, and that was always
readily apparent. DKIM can be used as one of a number of components to
a comprehensive approach to identifying legitimate email. If all of
that happens, then the economic incentives for spamming would seem to
dwindle.
That's a lot of moving parts, of course.
All of this having been said, I think Scott Kitterman is right. I still
think the standard needs more soak time. But that's me.
My assessment:
My hope was that DKIM would be used to help fight the #1 problem in
email - legacy (No DKIM mail) spoofs and to raise the bar to address
DKIM spoofs.
However:
Far too much time was spent on trying to make DKIM fit in an
environment (Mailing List Servers) where it would inherently have mail
integrity problems.
The deemphasis of policy did not help where this should of been the
primary focus and worked out before attempting to "retrofit" it into
complex mailing list server environment.
When the authors of a WG document and protocol are not firm believers
of their work, it doesn't help promote the end result.
When you have out of scope concepts being the top priority
(reputation), when it fact, it should of been in scope due to the
large # of people who wanted it, it didn't allow for a group synergism
to be created and "reputation" standard to be developed. The irony
here is that every after all that has happen, the re-chapter still
attempts to keep it out of scope. Very odd.
Instead, a very complex subjective integration requirement
materialized where there is no working methods or standards to work
with. When you have software developers who can't agree on what DKIM
API should or should not be or even its definition, thats a problem.
In addition, as a result of the mailing list focus without policy,
DKIM has become more of a Sender Protocol rather than an Original
Domain Author Protocol - a hop to hop authentication protocol.
Sans Policy, Sans Reputation, DKIM-BASE, as it stands, is an
unprotected mail signing protocol with a large water down effect -
high potential for failed signatures, lack of protocol consistency,
receivers can't trust it especially for anonymous transactions and its
usefulness is very isolated, thus a low payoff and low adoption rate.
In my opinion, if DKIM can not be easily adopted by 80% of the small
to mid size market, thats a problem.
---
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html