Doug Otis wrote: >> Also remember CSV which Dave and I concocted to allow sites to identify >> the hosts that are supposed to be mail clients. > > John, it was Dave Crocker, John Leslie, and myself, where I had > independently written a draft similar to Dave's.
> > It is really a shame too, as this approach would have helped establish a > name basis for a reputation scheme that could have been applied early in > the SMTP transaction. A reputation scheme based upon any authorization > that leave providers nameless would be wrong and inherently unfair. Doug, for the same reasons reputation schemes are hard to shallow for DKIM as a general, useful, consistent scheme protocol, it was also hard to shallow for CSV. It was a Batteries Required concept, and once again, doesn't address failure which was what MARID was looking for - the result SPF/SENDER-ID. If you wish to consider policy and enforcement, I might even begin to cheer for CSV. However, its really a day late and a dollar short - the SPF standard is widely adopted and has an optional solution at EHLO/HELO checking. CSV would be redundant. > Dealing with IPv6 will likely require reputations be based upon a domain > name rather than upon individual IP addresses. Why do we keep talking about a solution with a undefined reputation component? We talk about it so much, maybe it should be written into the charter so we can concentrate on developing a open standard reputation protocol, then maybe some of the reputation/DKIM ideas can begin to make sense. > Looking for the low-cost web of trust... Original Domain DKIM POLICY! Middle ware should keep their fingers off. Mailing list should HONOR it. If the abuse is so low, then it wouldn't hurt if forwarders honored policy. But it would at least close the loophole for the presumed "low volume" domain abuse. -- HLS _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
