ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] New Version Notification for draft-levine-dbr-00 (fwd)

2010-07-27 03:35:57
On 7/27/10 9:36 AM, J.D. Falk wrote:
 On Jul 26, 2010, at 9:13 PM, Douglas Otis wrote:
A vouching service is unlikely to offer a fix either.  How would a
 vouching service know better than the Author Domain?

 They wouldn't, so a smart vouching service would be working WITH the
 author domain to get it right.  But that's a business decision, not a
 protocol decision.

J.D.

Companies are good at shooting themselves in the foot in respect to 
helping bad actors phish. (blush)  The other foot injury involves their 
email being rejected or discarded.  Unfortunately, these two goals are 
in conflict when making ADSP assertions.  Unless the targeted 
organizations or institutions forgo all informal third-party services, 
such as mailing-lists, it is not possible to get ADSP right.  
Ironically, following recommendations being proposed for mailing-lists 
is likely to make phishing worse.

These conflicts are not resolved by adding another layer of management 
unless the question being asked is extended with respect to messages 
lacking Author Domain signatures. The considerations should not be what 
is easy for senders, but whether excluding phishing is easy for recipients.

-Doug
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html

<Prev in Thread] Current Thread [Next in Thread>