[ietf-dkim] Are arbitrary From addresses in the physical world following DKIM?
dhc at dcrocker.net
Wed Dec 8 18:53:10 PST 2010
On 12/8/2010 8:36 PM, Mark Delany wrote:
> Forgive me for a bit of an aside, sortof.
> A lot of people have long used the Postal Service analogy of being
> able to supply an arbitrary return address as a justification for
> doing the same in email (DC I'm looking at you, buddy).
> So did anyone catch the news today that UPS.com are planning to verify
> the return address of a package against your drivers license? And that
> other "postal" services may soon follow suit?
> In other words, the days of providing an unauthenticated "author
> address" may be numbered in the physical world.
> It's all in the name of security theater of course, but nonetheless,
> somewhat amusing in the DKIM context.
Right. No one will ever again be allowed to drop mail packages into a postal
slot, because each piece of mail is going to have to have its return address
"verified"... (exercise to the reader: why do I have verified in quotation marks?)
So, as you note, the fun orientation towards security theatre makes this
announcement no surprise, but serious enforcement of it will...
We don't validate the contents of all shipping containers coming into the US,
but we /are/ going to verify the return address of all postal mail.
Sounds like just the right priorities to me...
More information about the ietf-dkim