--On 19 August 2010 12:29:35 -0400 Hector Santos <[email protected]> wrote:
> [email protected] wrote: >> Daniel, >> DKIM signing clearly defines who takes responsibility for >> signing an email > > Responsible for what? Can I get sued when something goes wrong? If you're doing stuff that's illegal, then your DKIM signature makes it easier to prove a law suit against you. Similarly, if you're not doing anything illegal, then your signature could provide evidence of tampering by the recipient or a third party. >> ADSP is only useful if it is implemented by draconian senders >> like financial emailers who really really want all malformed >> dkim signatures to be dropped regardless of consequences > > Draconian? Maybe they don't to get sued when the new signer > ignorantly ignores policy and resigns the mail thus passing the > responsibility buck. You know the "You break, you own" pottery > principle. PAYPAL was pretty smart to put a official RFC sanctioned > technological disclaimer out there. Yes, I wouldn't call an ADSP user draconian. Defensive (in a neutral sense), perhaps. >> There is NO filtering usefulness using DKIM as it is >> not reputation based. It does give one the ability to slow >> down spoofing. If the signature matches then indeed the sending >> ISP did in fact send it > > But what if it didn't match? Do you continue sending potentially > spoofed mail? Actually, there is filtering usefulness in DKIM, because it can be used in conjunction with a reputation database. > >> Now why would anyone make time to evangelize against a >> protocol at a conference is beyond me unless it was SPF :-) > > Maybe because for so long everyone heard about how great DKIM is, with > years of no real proof or payoff shown, and now the conference > sponsors decided to add an opposing viewpoint or a viewpoint that > might suggest where there might be a payoff with DKIM. -- Ian Eiloart IT Services, University of Sussex 01273-873148 x3148 For new support requests, see http://www.sussex.ac.uk/its/help/ _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
