[ietf-dkim] Keys vs. Reputation
Jon Callas
jon at callas.org
Thu Aug 24 11:09:12 PDT 2006
> Indeed the DKIM signature does not directly validate the 2822.From
> address. However there is a means for the signing domain to
> communicate an assurance of the 2822.From address through the use
> of the dkim-signature i= syntax. A similar assertion is equally
> plausible within the 2822.From policy record. This assurance could
> be deferred to the 2822.From policy when the signing domain is a
> subdomain or otherwise outside the 2822.From domain. A mechanism
> for verifying proper use of the 2822.From address could be
> analogous to steps taken when registering an email-certificate or
> when subscribing to a mailing-list.
>
> Providers that implement such a mechanism can ensure messages
> signed for by a specific domain are not forging anyone's email-
> address. Allowing DKIM to assert that the 2822.From address is
> assured valid is clearly beneficial. This mechanism alone will
> impact the amount of spam coming through bots, which represents
> approximately 70% of the overall sources. An assertion by the DKIM
> signer made by way of DKIM semantics or a 2822.From policy
> statement *can* be done. Knowing which provider properly assures
> the 2822.From address may require some type of domain assurance
> council. : )
Doug, this is also incorrect. The i= "identity" is merely a string
that is advisory. There is *nothing* that a receiver can deduce about
it, because it is put there by the signer, who can put anything they
want.
Jon
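
As an added illustration (not part of the original message or of any DKIM implementation), the sketch below parses a DKIM-Signature tag list and reports the structural relationships between i=, d= and the From address that a receiver can check. It assumes the signature has already verified against the key published for d=; the d= tag, the default i= of "@" plus d, and the rule that i= must fall within d= come from the DKIM specification (RFC 6376), and all header values are constructed samples.

```python
import re
from email.utils import parseaddr

# Constructed sample header values; bh=/b= are placeholders, not real signatures.
SIG_CLAIMS_FROM = ("v=1; a=rsa-sha256; d=example.com; s=sel1;\r\n"
                   " i=alice@example.com; h=from:to:subject; bh=PLACEHOLDER; b=PLACEHOLDER")
SIG_NO_I = "v=1; a=rsa-sha256; d=example.com; s=sel1; h=from; bh=PLACEHOLDER; b=PLACEHOLDER"
SIG_I_OUTSIDE_D = ("v=1; a=rsa-sha256; d=example.net; s=sel1; "
                   "i=alice@example.com; h=from; bh=PLACEHOLDER; b=PLACEHOLDER")

def parse_tags(value):
    """Split a DKIM-Signature tag=value list into a dict, dropping folding whitespace."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, val = part.split("=", 1)
            tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags

def within(domain, parent):
    """True if domain equals parent or is a subdomain of it."""
    return domain == parent or domain.endswith("." + parent)

def assess(dkim_value, from_value):
    """Structural relationships only; assumes the signature already verified for d=."""
    tags = parse_tags(dkim_value)
    d = tags["d"].lower()
    # An absent i= defaults to "@" + d. Case-folding the local part is a simplification.
    i = tags.get("i", "@" + d).lower()
    i_domain = i.rpartition("@")[2]
    from_addr = parseaddr(from_value)[1].lower()
    from_domain = from_addr.rpartition("@")[2]
    return {
        "signing_domain": d,                      # the identifier backed by the key lookup
        "i_within_d": within(i_domain, d),        # required by the specification
        "from_within_d": within(from_domain, d),  # False means a third-party signature
        "i_equals_from": i == from_addr,          # compares a signer-supplied string only
    }

if __name__ == "__main__":
    for sig in (SIG_CLAIMS_FROM, SIG_NO_I, SIG_I_OUTSIDE_D):
        print(assess(sig, "Alice <alice@example.com>"))
```

A True value for `i_equals_from` records only what the signer wrote in i=; the key check ties the message to `signing_domain` and to nothing narrower.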