[ietf-dkim] Re: The Value of Reputation
dotis at mail-abuse.org
Wed Jan 4 11:20:40 PST 2006
On Jan 4, 2006, at 9:13 AM, Frank Ellermann wrote:
> Stephen Farrell wrote:
>> there will be a time when the group should be focusing on the
>> policy stuff, but its just not yet. For now we ought be focusing
>> on the threats draft.
> s/now/tomorrow/ after the WG is chartered... ;-) I think I've now
> got Doug's terminology of "closed" vs. "open", it 's like "open
> interval" vs. "closed interval" for real numbers.
> In that case it's wrong / esoteric / dubious (pick what you like)
> for sets of IPs, because there's only a finite number of IPs. We
> don't need "open intervals" or the "axiom of choice" to construct
> say three sets FAIL, PASS, and DUNNO covering all IPs, with each IP
> in precisely one of these three sets.
How does a limit in the number of IP address effect this definition?
While many wish to weigh acceptance criteria to divide results into
multiple groups, the concern was regarding what is being permitted in
terms of acceptance. This acceptance may be judged harshly in binary
terms. Either the authorization blocks abuse or it doesn't. With
respect to the terminology, _any_ qualifier that was labeled as
"Open" permits acceptance of abuse.
>> The comment was more directed to the rest of the folks discussing
>> this with you over and over.
> If what he says about SPF is wrong / dubious I've to challenge it,
> and I also don't see any "open-endedness" in SSP so far:
SPF and SSP will have similar problems. With SPF, you have pointed
out the RFC1123 5.3.6(a) issue that may cause those concerned with
the resulting disappearance of messages to use the '?' qualifier,
which is fairly common. With SSP, the disruption in delivery of
messages is even more pronounced. Even posting messages to this list
will be lost when a 'Closed' qualifier is used. DKIM can not hope to
dictate how identifiers are used by the receiving MTA administrator
as they struggle to find the means to exclude spam. Care must be
taken to avoid the obvious unintended uses of authorization. With
the exception of a "Closed" qualifier, all the other qualifiers are
largely meaningless and perhaps greatly misleading. Any indication
of even being within a "Closed" set of identifiers is also likely
> Every domain is free to send no mail, and to publish this as
> "v=spf1 -all" or nullmx or what else. It's also free to say that
> it only uses certain routes, or always uses some kind of signature,
> etc., and to publish this decision in a policy.
There have already been cases where a major ISP use coercion by
deleting _some_ messages without _some_ type of authorization. Even
from other providers with otherwise good reputations. This freedom
is somewhat illusory when a sender must worry about whether messages
are accepted, or simply vanish because DSN are also contingent upon
the authorization. : (
More information about the ietf-dkim