On Tue, 02 Dec 2008 21:20:49 -0000, Murray S. Kucherawy
<msk(_at_)sendmail(_dot_)com>
wrote:
One response I got to some queries about this issue went as far as
saying verifiers SHOULD NOT degrade "fail" to "neutral" despite this
concern, thereby limiting that action only to well-considered local
policy decisions.
It is always bad policy to throw away information that might be valuable
to someone, even though the case of "normal" email might be better that
way.
Consider, for example, some community discussing some worthwhile topic
with serious contributions being made. But suppose that community also
includes "Trolls" whose aim is to disrupt that process by drowning the
serious discussion in noise. Indeed, we are all aware of the existence of
such communities.
Now the Trolls will, as Trolls do, continually modify their strategy to
make their "noise" hard to distinguish from the genuine "signal". Maybe
their best strategy at some stage will be to DKIM-sign their messages (but
with bogus signatures, because they do not know the private keys). The
rest of the comminuty might well wish to react by noticing the presence of
a failed signature as a good indicator of trollish behaviour (as ever, any
indicator will still have false positives and false negatives, so maybe
tnis is just used as a weighting factor).
--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131
Web: http://www.cs.man.ac.uk/~chl
Email: chl(_at_)clerew(_dot_)man(_dot_)ac(_dot_)uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html