[ietf-dkim] New Version Notification for draft-levine-dbr-00 (fwd)
Douglas Otis
dotis at mail-abuse.org
Tue Jun 22 17:37:26 PDT 2010
On 6/22/10 5:07 PM, John Levine wrote:
> Not quite, it's a third party's assertions that are somewhat but not really
> like ADSP
>
> As far as I know Amazon doesn't make any ADSP assertions, but it is my
> impression that they sign all their transactions with DK or DKIM, and
> they're certainly a phish target, so it would be reasonable to drop
> unsigned Amazon mail anyway.
>
What happens when Amazon has a service using a parent signature? As a
result of a third-party vouching service, their messages might be
discarded, and they won't become aware of the issue until damage is wide
spread. TINLA, but it seems having a service advocating for the
discard of someone elses's email could be a liability. How does one
determine whether a vouching service is authoritative for the domain in
question? Please don't say use another vouching service, because the
issue is _who_ should decide whether a message must have a valid
Author-Domain signature or be discarded.
-Doug
More information about the ietf-dkim
mailing list