[ietf-dkim] Draft minutes...
Douglas Otis
dotis at mail-abuse.org
Thu Jul 13 12:52:17 PDT 2006
On Jul 13, 2006, at 3:26 PM, Tony Hansen wrote:
> I'm saying that
>
> if there are Resent-* headers representing identity, they should
> be signed
>
> We should be agnostic to the debate. If the MUA uses them, support
> them.
> If the MUA does NOT use them, we don't.
Agreed. It is still to be seen what will be practical. Message
annotation proactively protecting recipients without suffering a
discovery process climbing label trees looking for a possible policy
confirmation that may, in the end say little, if anything, about what
mail is acceptable. Spammers can adopt policy record requirements
and thus this requirement will offer little in the way of protection
from abusive email, especially when email-address recognition is not
assumed. DKIM without some type of annotation is already prone to
Microsoft X-Message headers, as well as notations related to the
Sender header. That involves just one of hundreds of MUAs. Once MUA
developers incorporate information confirmed by DKIM sans policy,
substantial protections can be achieved by comparing signing domains
against information collected in Address Books, or correspondence lists.
-Doug
More information about the ietf-dkim
mailing list