On 02/24/2010 12:28 PM, Franck Martin wrote: > I spoke recently to someone which I think will join this group soon. > > But basically his idea of being alerted of a broken signature was also to > catch people who are trying to fake the DKIM signature, and see the extent of > it.
Faking DKIM signatures shouldn't help *anybody*. If there's any incentive to make a fake DKIM signature by bad guys, somebody's software is horribly broken. > Also personally, I think the sender is more motivated to fix a broken DKIM > signature than the receiver. Sure, but I think the question here is whether a huge hose of ARF reports from potentially unknown and not very trustworthy sources is the right way to go about sniffing out forwarding oddities, etc. I guess a lot of my uncomfort here is that abuse reporting could end up being its own abuse vector as well as something that take on a life of its own. The potential volume of traffic could be very large versus the benefit of... what? It seems to me that the problem space for this should be extremely constrained to solve a minimal set of very explicit existing problems, and not feature creep beyond that. WRT DKIM, I'm not sure what that problem set is. Mike _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
