[ietf-dkim] Re: is this a problem or not?
nobody at xyzzy.claranet.de
Mon Oct 31 02:27:20 PST 2005
Earl Hood wrote:
> It is worth noting that this scenario relies on ISPs that
> either do not do DKIM signing or utilize relaxed policies.
They could also offer addresses in various subdomains with
different "protection" schemes. If they're not interested
in upgrading their software they could start with the three
surviving LMAP schemes, good enough for ordinary users. Not
everybody wants or needs the same protection as say ebay.
> you either have the case where DKIM will not be the norm
> for all email or relaxed policies become the norm
Neither nor. DKIM offers some weapons, the LMAP protocols
offer more weapons, everybody will find a personal mix, from
both POVs, sending or receiving. For the LMAP zoo maybe SIQ
could offer a simple interface for some "closed user groups",
i.e. user groups of MXs sharing the services of the same SIQ
> The key question is, "Who 'owns' the mailbox address and
> the allowable uses of it?".
In theory the domain "owner" as far as domains have "owners".
But in practice I doubt that users would accept it if they
can't use "their" address in any way they like in mail. If
they have funny ideas about "their" MAIL FROM I could abuse
STD 10 for a RIDIKULUS spell (praying that they don't pull
STD 3 for a BOUNCES TO counter-spell <g>), but for the 2822
"identities" it's a hopeless case.
Thinking about your gmail-Sender example, they could justify
a Sender-restriction by "G doesn't stand for gateway, stupid".
But 2476bis 8.1 is tricky, I wouldn't touch it without first
discussing this with a legal department or privacy officer.
Maybe no big deal for new users, but changing the rules for
existing users could be difficult. When SPF was new there
were complaints that it won't allow to spam a senator - I've
forgotten the details, but the EFF made it to my killfile :-(
> For some businesses (like the mybank example that has been
> raised), such restrictions are desirable, and probably
IMHO not only "some" businesses. But for private users it's
less interesting, they want to use "their" address wherever