[ietf-dkim] user level ssp
dotis at mail-abuse.org
Wed Sep 6 16:58:24 PDT 2006
On Sep 6, 2006, at 4:24 PM, Thomas A. Fine wrote:
> The alleged half-implemented DKIM within a domain makes no sense
> whatsoever - why would a domain work really hard to maintain
> thousands or millions of records, so that the spammers can continue
> to forge spam from their domain with policy-assured freedom? They
What is being forged, the email-address?
> The sensible solution is to dispense with all this user-signed
> nonsense. It does no real good.
The mechanism being sought is to use policy as a means to
differentiate a message from other messages within a common signing
domain. The concern is not limited to just spammers. The recipient
can then recognize specific assurances via message annotations. This
mechanism is essential.
> Domains should be free to set up as many keys as they want, and use
> them however they want. If they want to set up a million keys, one
> for each user, well, that's dumb in my opinion, but let them,
> because it's not for me to dictate. At any rate, this will handle
> any odd situations where users have a legitimate need to self-sign.
> BUT: this should all be part of the standard mechanism for
> distributing valid keys, and should not in any way be a special
> case for user validation. It should simply be part of the selector
An arcane component of a DKIM signature (the selector) or a signing
subdomain (where assurances of the email-address being valid is lost)
does not offer viable differentiated protections. Keep in mind, the
entire domain is not equally trustworthy.
More information about the ietf-dkim