ietf-dkim

Re: [ietf-dkim] brand protection, was Is anyone using ADSP?

2009-10-14 09:31:23
OK. What ADSP adds is the ability to assign reputation to a specific email 
claiming to originate from a specific domain. Except for "unknown".

No, ADSP adds the ability for senders to make unverified assertions about 
their signing practices.  Unless you already have some knowledge about the 
domain, you have no idea whether it would be useful to believe it.

It might be nice if paypal could publish in the DNS a set of related
domains, that it is willing to share the reputation of paypal.com

Why would they do that?

For brand reputation protection - you've cut the relevant quote that I was 
responding to. It's not really a DKIM issue,

Oh, if we agree it's unrelated to DKIM, I agree that there's all sorts of 
hacks that might, hypothetically, help deter phishing, maybe.  In the 
meantime can we agree that a domain with a good reputation like paypal 
should sign all its mail, just like it does now?

but if I get email from paypal.co.uk, then how do I determine whether 
that email is from paypal?

That appears to be a mistake, that they sign mail from paypal.co.uk with 
d=paypal.co.uk rather than d=paypal.com.  I say this because when I did a 
transfer from my UK account, some of the mail they sent was signed with 
paypal.co.uk, some with paypal.com.  I hope you agree that mail signed 
with d=paypal.com is paypal, regardless of what the other headers say.

If I send you a Paypal payment, they will send you a mail with my 
return address announcing the payment.  That message is signed with 
d=paypal.com because Paypal takes responsibility.  (They really do 
this, I just tried it.)

They use a third party return-path?

Once again, DKIM has nothing, repeat nothing, to do with anything in the 
envelope.  Perhaps you are confusing it with SPF again.  If you want to 
try it yourself, send me private mail and we can send each other matching 
tiny payments between our UK accounts and see what the mail looks like.

R's,
John
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
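
Added example, not part of the original message or of any DKIM implementation: a Python sketch of the distinction drawn above between the d= signing domain, the From: (author) domain, and the envelope return path. The sample message is constructed, its bh=/b= values are placeholders, and the code assumes cryptographic verification of the signature happens elsewhere.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not a real message); bh=/b= are placeholders.
SAMPLE = """\
Return-Path: <bounce@mail.example.net>
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paypal.com;
\ts=selector1; h=from:to:subject; bh=PLACEHOLDER; b=PLACEHOLDER
From: "Alice Example" <alice@example.org>
To: bob@example.com
Subject: You have received a payment

Body text.
"""

def parse_tags(value):
    """Split a DKIM-Signature tag=value list (RFC 6376 sec. 3.2) into a dict."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, _, val = part.partition("=")
            # Folding whitespace inside a value is not significant.
            tags[name.strip()] = "".join(val.split())
    return tags

def domain_of(addr_header):
    """Return the lower-cased domain of the address in a header value."""
    addr = parseaddr(addr_header or "")[1]
    return addr.rpartition("@")[2].lower()

def signing_summary(raw):
    """Report which domains signed a message and how they relate to From:."""
    msg = message_from_string(raw)
    author = domain_of(msg["From"])
    signers = [parse_tags(v).get("d", "").lower()
               for v in msg.get_all("DKIM-Signature", [])]
    return {
        "author_domain": author,
        # Reported for comparison only: DKIM never looks at the envelope.
        "envelope_domain": domain_of(msg["Return-Path"]),
        "signing_domains": signers,
        # ADSP's "author domain signature": d= equals the From: domain.
        "author_signature": bool(author) and author in signers,
    }

if __name__ == "__main__":
    print(signing_summary(SAMPLE))
```
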
