-----Original Message-----
From: ietf-dkim-bounces(_at_)mipassoc(_dot_)org
[mailto:ietf-dkim-bounces(_at_)mipassoc(_dot_)org] On Behalf Of Steve Atkins
Sent: Thursday, May 26, 2011 3:20 PM
To: DKIM List
Subject: Re: [ietf-dkim] MLMs and signatures again
That's relying on an awful lot of vaporware in the MUA, orthogonal to
any sort of authentication. I don't think any MUAs really track sender
reputation in any way[1].
It's not vapourware in general. Such feedback systems exist, and could easily
be tied to DKIM domains.
Well, d= won't identify the original sender at all, in the case of
individuals sending to a mailing list. It'll identify the domain of
their ISP, nothing more.
Well, right. You'd be basing decisions on validated DKIM "d=" values.
Tunneling DKIM signatures through MLMs doesn't seem to be the missing
bit of technology needed to do this.
If the MLM signs any email it sends then you have some level of trust
in any information it annotates the mail with.
Yes, and A-R provides a mechanism for doing that as well. It's mentioned in
the MLM draft too.
*If* it were possible to identify the original email author in some way
(S/MIME, PGP, some private shared secret approach....) the MLM could
annotate the mail with that information, and you could trust it enough
to filter on. If the MLM doesn't have enough information to identify
the original email author, it's unlikely you do either - whether
there's a second DKIM signature or not.
Why the last part of that?
[1] It's something that'd be useful, though - it's been on my TODO list
for about two years to add exactly this to our CRM system, via end-user
thumbs-up / thumbs-down buttons.
We have that at Cloudmark, and there's an open one as well. I'm trying to
figure out if and how such a system could be used when correlated with DKIM
signatures.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html