----- Original Message -----
From: "Earl Hood" <[EMAIL PROTECTED]>
To: "Arvel Hathcock" <[EMAIL PROTECTED]>

> In order to provide a better assessment on the value of a DKIM domain
> identity, it would help to know the role it played in the transmission
> of a message. For example, an originating domain signature may have
> a different weighting by recipients from a forwarding domain signature
> when determining if the message is acceptable.
>
> Of course, this also feeds into potential reputation systems, but
> some domains may be put under higher scrutiny based upon the role
> they played.
>

Well said.

I don't see how DKIM can proceed without working out this extremely fundamental aspect of the inherent email problem - inconsistent transactions.

If SMTP was written up on day one where the HELO and MAIL FROM had to be validated or "consistent," we would not have the huge problem today (at least a huge issue of bad or spoofed domains).

Bad Actors Exist because they KNOW there exists a market of NON-VERIFYING systems. This is what we need to wean out of the system.

IMO, we are going down the same path with DKIM. Verifiers and Signers must validate the "intent" of the SSP, otherwise there isn't going to be any kind of 'reliable' policy assertions that can be made.

When I sign a message, "confidence" is provided when I know that the downlinks are required to do their job of Double Checking the integrity and identity of the message. It is the same level of confidence I have today in designing mail products for a heterogeneous network: there is a standard behavior expected for transactions.

If we leave it open that DKIM verifiers/signers do not have to check SSP, then we have no confidence in the downlinks. We are back to square one.

If we think we can address this in "version 2" then we are promoting backward compatibility issues. Version 1, you don't have to check the SSP. Version 2, you have to check the SSP. Well, Bad Actors will stick with Version 1.

I'm from the mold of "Getting it right, the first time."

We should "Get It Right", in version 1.

Sincerely,

Hector Santos, CTO
Santronics Software, Inc.
http://www.santronics.com
305-431-2846 Cell
305-248-3204 Office

_______________________________________________
ietf-dkim mailing list
http://dkim.org
