"Michael Thomas" <[email protected]> wrote:
>On 02/24/2010 12:28 PM, Franck Martin wrote:
>> I spoke recently to someone which I think will join this group soon.
>>
>> But basically his idea of being alerted of a broken signature was also to
>> catch people who are trying to fake the DKIM signature, and see the extent
>> of it.
>
>Faking DKIM signatures shouldn't help *anybody*. If there's any incentive to
>make a fake DKIM signature by bad guys, somebody's software is horribly broken.
>
>> Also personally, I think the sender is more motivated to fix a broken DKIM
>> signature than the receiver.
>
>Sure, but I think the question here is whether a huge hose of ARF reports from
>potentially unknown and not very trustworthy sources is the right way to go
>about
>sniffing out forwarding oddities, etc.
>
>I guess a lot of my uncomfort here is that abuse reporting could end up being
>its own abuse vector as well as something that take on a life of its own. The
>potential volume of traffic could be very large versus the benefit of... what?
>It seems to me that the problem space for this should be extremely constrained
>to solve a minimal set of very explicit existing problems, and not feature
>creep beyond that. WRT DKIM, I'm not sure what that problem set is.
Well said. Much better than the reply I'd started drafting.
Scott K
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
