DKIM is extremely helpful for this scenario because the negative reputation that you have assigned to my identity (errr... domain) can now be reliably and accurately applied.

The threat analysis characterizes the bad acts as the spoofing of email addresses. Different issue.

Yes I certainly agree with your statement about reputation. In fact, I think DKIM documents should simply and directly say something like:

DKIM validates the use of an identity. A validated identity has a number of uses, including as the referential basis for developing a reputation information service. However identity validation is merely input to the creation of such a service, rather than having any reputation-related semantics of its own.

Well, maybe that wasn't as simple as it could be...

In any event, I was commenting on the cited statement, which the threats document does focus on. My point is that this obnoxious Dave Crocker that you do not want to receive mail from qualifies as a Bad Actor, but no spoofing is involved.

We do lose sight of some of the benefits when we focus on spoofing, but the threat analysis is focused on what the bad acts are that we're preventing (or trying to prevent) rather than the good things we're trying to do.

see my above phrasing. my entire intent is to claim that there is a bad actor who is not particularly related to spoofing, but is highly relevant to dkim benefits.

d/
_______________________________________________ ietf-dkim mailing list http://dkim.org
