Since Amazon set it up in the first place, wouldn't they be keenly aware of the
service signing issues?
Mute point if they understand what they are doing.
Regards,
Damon Sauer.
Sent from my Verizon Wireless BlackBerry
-----Original Message-----
From: Douglas Otis <dotis(_at_)mail-abuse(_dot_)org>
Sender: ietf-dkim-bounces(_at_)mipassoc(_dot_)org
Date: Tue, 22 Jun 2010 17:37:26
To: <ietf-dkim(_at_)mipassoc(_dot_)org>
Subject: Re: [ietf-dkim] New Version Notification for draft-levine-dbr-00
(fwd)
On 6/22/10 5:07 PM, John Levine wrote:
Not quite, it's a third party's assertions that are somewhat but not really
like ADSP
As far as I know Amazon doesn't make any ADSP assertions, but it is my
impression that they sign all their transactions with DK or DKIM, and
they're certainly a phish target, so it would be reasonable to drop
unsigned Amazon mail anyway.
What happens when Amazon has a service using a parent signature? As a
result of a third-party vouching service, their messages might be
discarded, and they won't become aware of the issue until damage is wide
spread. TINLA, but it seems having a service advocating for the
discard of someone elses's email could be a liability. How does one
determine whether a vouching service is authoritative for the domain in
question? Please don't say use another vouching service, because the
issue is _who_ should decide whether a message must have a valid
Author-Domain signature or be discarded.
-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html