-----Original Message-----
From: ietf-dkim-bounces(_at_)mipassoc(_dot_)org
[mailto:ietf-dkim-bounces(_at_)mipassoc(_dot_)org] On Behalf Of Daniel Black
Sent: Wednesday, August 18, 2010 7:00 PM
To: ietf-dkim(_at_)mipassoc(_dot_)org
Subject: [ietf-dkim] marketing dkim
I've got a presentation slot for DKIM at APNIC next week to a bunch of
ISPs.
My current plan for a talk is:
* DKIM is a really well developed standard for signing email
* Combined with ADSP=discardable it can filter email at ISP gateways
without
too much fear of unduely lost email
* BUT otherwise its useless in its current state.
That doesn't sound much like "marketing" to me...
I would focus on the fact that it, in addition to being a mechanism to thwart
forgeries, is a framework for providing things like domain reputation. It's an
important layer enabling other very valuable things. Lots of enabling
technologies are by themselves not especially useful, but that doesn't mean
they aren't critical.
So DKIM is at a state where there is no offering of filtering advice
beyond
the theoretical discussion in RFC5863. The current mailing list
approach:
MLM behaviors are well-established and standards compliant. Thus,
the best approach is to provide these best practices to all parties
involved, imposing the minimum requirements possible to MLMs
themselves.
is rather defeatist and limits the encouragement for DKIM-Friendly
lists.
Accepting the realities of a situation seems to be more practical than
defeatist. The email world is loaded with software inertia. Working with that
as a guideline is the best way to get something accomplished. If we're
surprised by the absence of that inertia, things can only get better.
For reputation service providers the assumption that mail serivce
providers
are going to deploy DKIM for the benefit of reputation service
providers seems
a little hopeful considering their costs. Don't misunderstand me,
domain
reputation has a role in spam reduction and DKIM contributes to this,
there
just needs to be more benefit to the sender/receiver without it.
I read this as saying "We need reputation for really effective filtering,"
which is completely true. I think a positive spin here would be much more
likely to draw support; using words like "useless without" will do more to
discourage your audience than encourage it.
At the end of the day the future I currently see for DKIM is the same
as SPF.
Some will deploy it but at the end of the day there will be no-one
filtering
on its results because of its deficiencies (MLM). The progress of
deployment
will stagnate in the same way as spf because there is no filtering:
(compare http://web.archive.org/web/20080130150257/http://spf-all.com/
and
http://spf-all.com)
Jeez, what's the intent here? Are you trying to get people excited about DKIM
or convince them not to bother?
Please tell me where I'm wrong. I don't see nice thing to say to these
regional ISPs except that DKIM is useless until a clearer policy
framework for
filtering is available to everyone.
If I, as someone excited about DKIM and what it can enable, were invited to
speak someplace while this was my general disposition, I would politely decline
to present anything at all.
-MSK
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html