[ietf-dkim] draft-vesely-dkim-joint-sigs
J.D. Falk
jdfalk-lists at cybernothing.org
Fri Sep 17 13:17:21 PDT 2010
On Sep 16, 2010, at 11:03 AM, Alessandro Vesely wrote:
> On 16/Sep/10 13:05, MH Michael Hammer (5304) wrote:
>> Ian, this makes no sense to me. If a signing domain is concerned enough
>> to choose to implement ADSP, why would they reduce what they are signing
>> to accommodate a small percentage of their mail going to MLMs that they
>> may or may not be able to identify? I don't remove the locks on my doors
>> because there is a possibility that someone might break one of my
>> windows.
>>
>> I've said it before and I'll say it again. MLMs are the tail, not the
>> dog. Don't wag the dog.
>
> Messages can also be replayed as-is, for the sole purpose to game the
> author domain's reputation. DKIM can sign To: and Cc:, but not Bcc:,
> and then these are not tied to the actual recipients list. This
> wagging is about delimiting message streams, hence it's not
> necessarily tied to MLMs only.
If this is primarily a workaround for perceived limitations of reputation systems, then I humbly suggest that the premise is invalid. Today's reputation systems aren't static; the operators are constantly changing them in reaction to what the spammers do.
If the spammers start replaying DKIM-signed messages in order to game reputation systems, the operators WILL adjust. A scheme like this, rather than helping, may make those adjustments more complex and difficult.
Are there other use cases?
More information about the ietf-dkim
mailing list