On Oct 04, Stephen Gran <[EMAIL PROTECTED]> wrote:

> Does signing a mail tell me something about the origin that the IP layer
> doesn't already tell me much more cheaply?

You are missing the point: maintaining reputation data associated with IP addresses is not cheap at all nor very reliable, because IP addresses tend to change and mail to be forwarded. DK/DKIM (and partially SPF) solve these problems by allowing receivers to reliably associate reputation data with domains instead of IP addresses.

BTW, this means that there is no point in signing lists.debian.org mail traffic unless the listmasters are aware of requests for this by large mail receivers. Since lists.debian.org is not routinely forged nor is it a phish target, there is also no point in signing it to "prevent forgeries" (nobody relevant associates negative reputation with a missing DKIM signature). Since currently these two are the only practical uses of SPF/DK/DKIM, I argue that signing lists.debian.org mail is not needed.

> I'm personally not all that impressed with any of the sender
> verification schemes - so far they all seem to be set up to allow bulk
> senders to pretend they're not just spammers with nicer suits.

There is a huge number of bulk senders which are not spammers. If this is not clear to you then you should not be allowed close to important mail servers.

--
ciao,
Marco