[ietf-dkim] Wrong Discussion - was Why mailing lists should strip DKIM signatures
dotis at mail-abuse.org
Fri Apr 30 11:12:58 PDT 2010
On 4/30/10 8:48 AM, Michael Thomas wrote:
> On 04/30/2010 08:32 AM, Jeff Macdonald wrote:
>> Perhaps poorly chosen words. But I think most understood the intent.
>> I'm willing to go from a world where any system can use my From to one
>> where only the systems I say can. And that means changes.
> Really? The sender has to opt in? That sounds like a lot of operational
> burden on the sender admins. To me that says that I'd need to get blessing
> from my mail admins to start posting to a new list/domain. Which is a pretty
> big change from the way things are now. And to my mind a little bit scary.

Why not, when a sender authorization scheme can be unilaterally enacted
in milliseconds with a simple request, either in the form of an email or
a web-page? This would be a request to grant specific exceptions in the
domain's "discard-able" or "all" policy by publishing a hash label.

In the case of financial institutions, before taking such a step, any
authorized third-party should be audited. This would be easier to do
with DKIM than with SPF because a server's range of permitted sources is
not determined with a simple message probe. With DKIM, testing the
handling of submissions from different accounts would offer reasonable
assurance an authorization does not permit exploitations.

By implementing a third-party authorization scheme with DKIM, tighter
restrictions become possible with fewer messages lost. A DKIM
authorization scheme would also put the burden of knowing who can be
trusted to properly handle A-R headers and message bodies onto the
senders seeking protections afforded by "all" or "discard-able" ADSP