[ietf-dkim] Collection of use cases for SSP requirements
jmacdonald at e-dialog.com
Thu Nov 9 08:16:59 PST 2006
On Thu, Nov 09, 2006 at 12:33:49PM -0000, Charles Lindsey wrote:
> >Many of them use their own domains, for which they could trivially
> >publish SSP data.
> Which is where we need sites on which "reputations" can be queried. I
> envisage these will operate rather like the present DNSBL blacklists. You
> choose such a site that you trust, and then ask its advice on the action
> you should take according to the signer, From address, etc. I would
> suppose that phishers own domains would rapidly acquire a rather poor
> reputation (and the advice should be to "delete all mail where the
> signature succeeds, and even where it doesn't").
So what I'm about to state has been said by others before:
Reputation has to start as neutral or negative. One can not start out
with a good reputation. Phishers don't need their domains to be around
that long to make some money.
Starting with a negative reputation means legitimate small companies
will be penalized. A possible solution to that is accreditation.
However, I think a better way is to state a relationship between two
entities and allow the ISP to validate such a relationship. That isn't
:: Jeff Macdonald | Principal Engineer, Messaging Technologies
:: e-Dialog | jmacdonald at e-dialog.com
:: 131 Hartwell Ave. | Lexington, MA 02421
:: v: 781-372-1922 | f: 781-863-8118
More information about the ietf-dkim