ietf-mailsig

Re: Comments on draft-allman-dkim-base-00.txt

2005-08-02 21:44:01

<domainkeys-feedbackbase02(_at_)yahoo(_dot_)com> wrote:


--- Eric Rescorla <ekr(_at_)networkresonance(_dot_)com> wrote:


Scott Kitterman <scott(_at_)kitterman(_dot_)com> wrote:

That may be true from the receiver's perspective.  From the signer/sender's
perspective the primary value of reducing identity forgery is defensive.  As
a sender, what I want is for the forger/spammer to use some domain other
than mine or the ones I'm responsible for.  If signing with DKIM and
publishing a policy saying that all messages are signed with DKIM provides a
sufficient deterrent for the forger/spammer to go elsewhere, then from the
sender's perspective it's a victory.  It's the flip side of the same coin.

I see your point but I don't consider this to really be the important
factor. The primary cost to the (alleged) sender of forged spam is 
the cost of processing bounces

Not at all. Processing bounces is a mere matter of computing resources that are
readily funded by high value domains. Does the cost of handling a billion
bounces per day have an impact on the bottom line of BankOfAmerica? I doubt it.

Scott's point, I think, is that he wants to protect the reputation of a high
value domain by making sure that only that high value domain can use that
identity. He is happy to let the scammers/phishers move to less protected
domains.

Can you explain what "protect the reputation of a high value domain" means
in this context? 

-Ekr
