[ietf-dkim] MLMs and signatures again
Murray S. Kucherawy
msk at cloudmark.com
Thu May 26 12:02:42 PDT 2011
> -----Original Message-----
> From: ietf-dkim-bounces at mipassoc.org [mailto:ietf-dkim-bounces at mipassoc.org] On Behalf Of John R. Levine
> Sent: Thursday, May 26, 2011 6:40 AM
> To: Ian Eiloart
> Cc: DKIM List
> Subject: Re: [ietf-dkim] DKIM Scouts, was 8bit downgrades
> Mailing lists have worked quite well for 40 years with no signatures at
> all, making all sorts of random changes to the mail, so it has to be
> something more than that.
Applying the same logic: Email in general has been fine without DKIM for 40 years, so why do we need it?
Thinking in abstract terms: If you accept the premise that DKIM delivers a validated domain name as its payload, and that domain name represents an ADMD that takes "some" responsibility for a message, then it's not clear to me why one would claim it's not valuable to have two responsible parties instead of just one. You can then evaluate both of those names and decide if either of them, or perhaps the combination of them, warrant additional filtering or, instead, priority handling.
The question really is: How valuable is this? Or put another way: Is it worth the work to make the two identities available instead of only that of the MLM? I suspect the answer is "yes" as it can only improve your accuracy. The only remaining issue is how hard it will be to make that happen, and whether or not the payoff is big enough to offset the pain. That, I think, is the real thing that needs to be evaluated.
Now, those are abstract terms. When argued in terms of passing an author signature through an MLM given modern realities, it does indeed sound like it's not worthwhile, because in that particular context you're not likely to see the stuff you want to filter coming via such paths in the first place.
But now invert that thinking. Let's say your domain manages to acquire a positive reputation, but now you and I are on a re-signing MLM whose domain has no reputation or maybe even a slightly negative one. Your reputation could trump that of the list, or could improve that of the list by your participation in it, at least from my perspective. But for that to happen, your signature has to survive.
I don't think that's a concept that should be discarded out of hand just because MLMs have been the way they are for a long time and they're in the way of such innovations. Updating them even a little might enable a host of useful new applications.
More information about the ietf-dkim