[ietf-dkim] 1359: ssp-requirements-01 // Outsource First Party
Signing concerns extended
Douglas Otis
dotis at mail-abuse.org
Mon Oct 9 11:12:55 PDT 2006
https://rt.psg.com/Ticket/Display.html?id=1359
There was some agreement on the list regarding considerations
pertaining to who should receive the abuse feedback enabled by the
DKIM signature.
When a designation scheme is considered, then this feedback
consideration becomes far more significant. Some assume the signing
domain will accrue a reputation for unsolicited commercial email, but
this overlooks limitations in the DKIM protocol making such
accountability impossible.
While DKIM may provide a means for accruing a list of domains that
either do or do not phish, it does not provide a means for accruing a
lists of domains that do or do not send unsolicited commercial
email. As a result, accrual of reputation for general acceptance
will continue to be done by the IP address of the SMTP client. This
consideration significantly alters assumptions regarding which domain
should be signing the messages, and what role domain designation
might play.
-Doug
More information about the ietf-dkim
mailing list