Bill(_dot_)Oxley(_at_)cox(_dot_)com wrote:
Daniel,
DKIM signing clearly defines who takes responsibility for
signing an email
Responsible for what? Can I get sued when something goes wrong?
ADSP is only useful if it is implemented by draconian senders
like financial emailers who really really want all malformed
dkim signatures to be dropped regardless of consequences
Draconian? Maybe they don't to get sued when the new signer
ignorantly ignores policy and resigns the mail thus passing the
responsibility buck. You know the "You break, you own" pottery
principle. PAYPAL was pretty smart to put a official RFC sanctioned
technological disclaimer out there.
There is NO filtering usefulness using DKIM as it is
not reputation based. It does give one the ability to slow
down spoofing. If the signature matches then indeed the sending
ISP did in fact send it
But what if it didn't match? Do you continue sending potentially
spoofed mail?
Now why would anyone make time to evangelize against a
protocol at a conference is beyond me unless it was SPF :-)
Maybe because for so long everyone heard about how great DKIM is, with
years of no real proof or payoff shown, and now the conference
sponsors decided to add an opposing viewpoint or a viewpoint that
might suggest where there might be a payoff with DKIM.
--
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html