On 4/30/10 8:48 AM, Michael Thomas wrote:
> On 04/30/2010 08:32 AM, Jeff Macdonald wrote:
>
>> Perhaps poorly chosen words. But I think most understood the intent.
>> I'm willing to go from a world where any system can use my From to one
>> where only the systems I say can. And that means changes.
>>
> Really? The sender has to opt in? That sounds like a lot of operational
> burden on the sender admins. To me that says that I'd need to get blessing
> from my mail admins to start posting to a new list/domain. Which is a pretty
> big change from the way things are now. And to my mind a little bit scary.
>

Why not, when a sender authorization scheme can be unilaterally enacted in milliseconds with a simple request, either in the form of an email or a web page. This would be a request to grant specific exceptions in the domain's "discard-able" or "all" policy by publishing a hash label.

In the case of financial institutions, before taking such a step, any authorized third party should be audited. This would be easier to do with DKIM than with SPF, because a server's range of permitted sources is not determined with a simple message probe. With DKIM, testing the handling of submissions from different accounts would offer reasonable assurance that an authorization does not permit exploitation. By implementing a third-party authorization scheme with DKIM, tighter restrictions become possible with fewer messages lost.

A DKIM authorization scheme would also put the burden of knowing who can be trusted to properly handle A-R headers and message bodies onto the senders seeking the protections afforded by "all" or "discard-able" ADSP policy.

-Doug

_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
