Doug Otis wrote:
Also remember CSV which Dave and I concocted to allow sites to identify
the hosts that are supposed to be mail clients.
John, it was Dave Crocker, John Leslie, and myself, where I had
independently written a draft similar to Dave's.
It is really a shame too, as this approach would have helped establish a
name basis for a reputation scheme that could have been applied early in
the SMTP transaction. A reputation scheme based upon any authorization
that leave providers nameless would be wrong and inherently unfair.
Doug, for the same reasons reputation schemes are hard to shallow for
DKIM as a general, useful, consistent scheme protocol, it was also
hard to shallow for CSV. It was a Batteries Required concept, and once
again, doesn't address failure which was what MARID was looking for -
the result SPF/SENDER-ID.
If you wish to consider policy and enforcement, I might even begin to
cheer for CSV. However, its really a day late and a dollar short -
the SPF standard is widely adopted and has an optional solution at
EHLO/HELO checking. CSV would be redundant.
Dealing with IPv6 will likely require reputations be based upon a domain
name rather than upon individual IP addresses.
Why do we keep talking about a solution with a undefined reputation
component? We talk about it so much, maybe it should be written into
the charter so we can concentrate on developing a open standard
reputation protocol, then maybe some of the reputation/DKIM ideas can
begin to make sense.
Looking for the low-cost web of trust...
Original Domain DKIM POLICY! Middle ware should keep their fingers
off. Mailing list should HONOR it. If the abuse is so low, then it
wouldn't hurt if forwarders honored policy. But it would at least
close the loophole for the presumed "low volume" domain abuse.
--
HLS
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html