On 4/30/10 8:48 AM, Michael Thomas wrote:
> On 04/30/2010 08:32 AM, Jeff Macdonald wrote:
>> Perhaps poorly chosen words. But I think most understood the intent.
>> I'm willing to go from a world where any system can use my From to one
>> where only the systems I say can. And that means changes.
>
> Really? The sender has to opt in? That sounds like a lot of operational
> burden on the sender admins. To me that says that I'd need to get blessing
> from my mail admins to start posting to a new list/domain. Which is a pretty
> big change from the way things are now. And to my mind a little bit scary.

Why not, when a sender authorization scheme can be unilaterally enacted
in milliseconds with a simple request, either in the form of an email or
a web-page? This would be a request to grant specific exceptions in the
domain's "discard-able" or "all" policy by publishing a hash label.

In the case of financial institutions, before taking such a step, any
authorized third-party should be audited. This would be easier to do
with DKIM than with SPF because a server's range of permitted sources is
not determined with a simple message probe. With DKIM, testing the
handling of submissions from different accounts would offer reasonable
assurance an authorization does not permit exploitations.

By implementing a third-party authorization scheme with DKIM, tighter
restrictions become possible with fewer messages lost. A DKIM
authorization scheme would also put the burden of knowing who can be
trusted to properly handle A-R headers and message bodies onto the
senders seeking protections afforded by "all" or "discard-able" ADSP
policy.

-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html