> If the DKIM specification explicit states that it provides an > accountable identity for a message without mentioning what is > involved for being accountable, then you may get adoption problems.
That hasn't been a problem up to now. I get the impression that most people anticipate doing triage like I suggested a few messages back, whitelist the ones with good reps, blacklist the ones with bad reps, do nothing special to the ones with no rep. > To better facilitate the functioning of these systems, the role of the > signer should be captured. I find this assertion far from self-evident. Sure, if we could collect more info about messages at no cost with perfect reliability, that would be nice. But we can't. Can we collect enough that what we get is worth the hassle of collecting it and the mistakes when it's wrong? I see no reason to think so, and I specifically do not believe that it is possible to get signers to reliably describe their roles. Even in the trivial looking case case where the signer and the return address are in the same domain, you don't know how many agents are lurking within that domain, and there's little reason to believe what they say about themselves. > Should a forwarder (e.g. college alumni permanent address service) have > the same level of accountability as the originating domain (the domain > that received the initial submission of a message)? I don't see why not. If they're sending me mail, they should be accountable, and if it's spam, I'm not happy about it. It's possible that since I asked the alumni assn. to send me the mail, I may accept it even if it's mostly forwarded spam (it is and I do, at the moment), but that's a local decision about reputation, not accountability. Regards, John Levine, [EMAIL PROTECTED], Primary Perpetrator of "The Internet for Dummies", Information Superhighwayman wanna-be, http://iecc.com/johnl, Mayor "I dropped the toothpaste", said Tom, crestfallenly. _______________________________________________ ietf-dkim mailing list http://dkim.org
