On Sep 16, 2010, at 11:03 AM, Alessandro Vesely wrote:
> On 16/Sep/10 13:05, MH Michael Hammer (5304) wrote:
>> Ian, this makes no sense to me. If a signing domain is concerned enough
>> to choose to implement ADSP, why would they reduce what they are signing
>> to accommodate a small percentage of their mail going to MLMs that they
>> may or may not be able to identify? I don't remove the locks on my doors
>> because there is a possibility that someone might break one of my
>> windows.
>>
>> I've said it before and I'll say it again. MLMs are the tail, not the
>> dog. Don't wag the dog.
>
> Messages can also be replayed as-is, for the sole purpose of gaming the
> author domain's reputation. DKIM can sign To: and Cc:, but not Bcc:,
> and then these are not tied to the actual recipients list. This
> wagging is about delimiting message streams, hence it's not
> necessarily tied to MLMs only.

If this is primarily a workaround for perceived limitations of reputation
systems, then I humbly suggest that the premise is invalid. Today's reputation
systems aren't static; the operators are constantly changing them in reaction
to what the spammers do.
If the spammers start replaying DKIM-signed messages in order to game
reputation systems, the operators WILL adjust. A scheme like this, rather than
helping, may make those adjustments more complex and difficult.
Are there other use cases?
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
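
The point raised in the thread, that signed To: and Cc: fields are not tied to the actual recipient list, shown as an added illustration that is not part of any poster's message. It is a simplified model: it hashes only the h= header fields with RFC 6376 "relaxed" canonicalization and leaves out the body hash, the DKIM-Signature field itself and the RSA step; all addresses, the h= list and the Received lines are constructed.

```python
import hashlib
from email.utils import getaddresses

H_TAG = ["from", "to", "cc", "subject"]  # constructed h= list for this example

def relaxed(name, value):
    """RFC 6376 'relaxed' header canonicalization: lowercase the name,
    unfold, collapse whitespace runs, drop whitespace around the value."""
    return f"{name.lower()}:{' '.join(value.split())}\r\n"

def signed_digest(headers, h_tag=H_TAG):
    """Hash only the fields named in h=, picking the bottom-most instance.
    Fields not named in h= (such as Received) never enter the hash."""
    remaining = list(headers)
    data = ""
    for wanted in h_tag:
        for i in range(len(remaining) - 1, -1, -1):
            if remaining[i][0].lower() == wanted:
                data += relaxed(*remaining.pop(i))
                break
    return hashlib.sha256(data.encode()).hexdigest()

def unlisted_recipients(headers, envelope_rcpts):
    """Envelope (RCPT TO) recipients that appear in neither To: nor Cc:.
    A legitimate Bcc looks the same, so this is a signal, not a verdict."""
    visible = [v for n, v in headers if n.lower() in ("to", "cc")]
    listed = {addr.lower() for _, addr in getaddresses(visible)}
    return sorted(r for r in envelope_rcpts if r.lower() not in listed)

# Constructed sample message: the four signed fields.
SIGNED = [("From", "News <news@author.example>"),
          ("To", "alice@example.org"),
          ("Cc", "bob@example.org"),
          ("Subject", "Monthly   update")]

def delivered_copy(rcpt):
    """The same signed fields as seen by one receiver, with its own trace header."""
    trace = ("Received", f"from mx.author.example by mx.rcpt.example for <{rcpt}>")
    return [trace] + SIGNED

ORIGINAL = delivered_copy("alice@example.org")
REPLAY = delivered_copy("stranger@elsewhere.example")

if __name__ == "__main__":
    print("same signed data:", signed_digest(ORIGINAL) == signed_digest(REPLAY))
    print("unlisted on replay:",
          unlisted_recipients(REPLAY, ["stranger@elsewhere.example"]))
```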