[ietf-dkim] DKIM charter (Should DKIM directly prevent spoofing?)
dotis at mail-abuse.org
Wed Nov 16 10:32:35 PST 2005
On Nov 16, 2005, at 12:00 AM, Stephen Farrell wrote:
> I've read your mail twice now and I honestly cannot see
> what's there that really needs to be addressed in terms
> of potential changes to the charter.
A claim made in the charter of detecting spoofing depends upon a
comparison of the signing-domain with the email-address domain. This
suggests the email-addresses has been constrained to the transport
when DKIM is advertised as a MTA to MTA mechanism. It seems greater
progress will be made excluding this highly contentious aspect. Many
hold unwarranted expectations that email-address constraints will
abate abuse, however such constraints will also dramatically change
the way email is used. Why not defer the policy mechanisms related
to email-addresses? Once MUAs are able to track signing-domains, the
need for any email-address constraint disappears.
To offer a fast and comprehensive response, a BCP for domains under
attack could be created. This should include use of DKIM and
limitations on the links, as well as methods of recognition
independent of what _may_ be visible. We would be happy to provide a
free listing service to publish those that meet the requirements of
such a BCP. Would that get the policy debate off the table?
More information about the ietf-dkim