Folks,

Fred Baker wrote:
> I will disagree with you there. DKIM allows the concept of a corporate signature - "I'm Cisco and I know who my employee is" or "I'm Yahoo and I know who my user is" - but it doesn't require it. What it does require
This is a key point. A DKIM signature is an affirmative statement of responsibility by the Domain owner, *for that message*. So when a signature is present, you have an accountable entity.
Whether you actually have any trust in that entity is a separate (and more interesting) question. Assessment mechanisms for an authenticated domain name do not have any standards yet.
For that matter, a standard that signals that a site signs all mail containing their domain in a particular field is also a matter still awaiting standardization. At the moment, the "I sign everything" construct is ad hoc. A domain can know it about itself, of course, so that cisco can detect inbound mail that forges cisco's domain. For now, other recipient sites require ad hoc lists.
What DKIM has not yet been established for is filtering out bad mail. Although the "I sign everything" construct is expected to help this, there is no meaningful track record that it really works.
More generally, this thread has been dominated by views that there are single, simple, well-understood solutions for the problem(s) being cited. Among the anti-abuse community, the consensus is that effective mechanisms are not singular, not simple, and not yet well-understood.
On the average, the public community -- and I'm afraid that the IETF mailing list appears to fall into the broad, non-technical category -- entirely underestimates the sophistication of modern email abuse mechanisms.
John Levine and others have been making this point on the thread, but it does not seem to be registering.
Having mail receivers at ietf.org take note of email authentication is a Good Thing. Assuming that this is going to "solve" any particular email problem is not.
d/

--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
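The message above notes that a domain which signs everything can detect inbound mail forging its own domain. The sketch below is an added example, not part of the original message: it assumes a border verifier that records DKIM results in an Authentication-Results header (not mentioned in the post), and the domain, authserv-id and sample messages are constructed placeholders.

```python
import email
from email.utils import parseaddr

OWN_DOMAIN = "example.com"           # assumption: a domain that signs all its outbound mail
TRUSTED_AUTHSERV = "mx.example.com"  # assumption: authserv-id stamped by our own verifier

def from_domain(msg):
    """Domain of the From: address, lower-cased."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower()

def passing_dkim_domains(msg):
    """Signing domains (header.d) reported as dkim=pass, read only from
    Authentication-Results headers stamped by our own verifier."""
    domains = set()
    for value in msg.get_all("Authentication-Results", []):
        parts = [p.strip() for p in value.split(";")]
        head = parts[0].split()
        if not head or head[0].lower() != TRUSTED_AUTHSERV:
            continue  # stamped elsewhere, possibly by the sender: not evidence
        for result in parts[1:]:
            tokens = result.split()
            if tokens and tokens[0].lower() == "dkim=pass":
                for tok in tokens[1:]:
                    if tok.lower().startswith("header.d="):
                        domains.add(tok[len("header.d="):].lower())
    return domains

def classify(raw):
    """'not-ours', 'ok', or 'forged-own-domain' for one raw inbound message."""
    msg = email.message_from_string(raw)
    if from_domain(msg) != OWN_DOMAIN:
        return "not-ours"  # other domains' signing practices are unknown to us
    return "ok" if OWN_DOMAIN in passing_dkim_domains(msg) else "forged-own-domain"

# Constructed sample messages (headers, blank line, body).
SAMPLES = {
    "signed": "Authentication-Results: mx.example.com; dkim=pass header.d=example.com\n"
              "From: Alice <alice@example.com>\n\nhello\n",
    "unsigned": "Authentication-Results: mx.example.com; dkim=none\n"
                "From: Alice <alice@example.com>\n\nhello\n",
    "untrusted_stamp": "Authentication-Results: relay.other.example; dkim=pass header.d=example.com\n"
                       "Authentication-Results: mx.example.com; dkim=pass header.d=other.example\n"
                       "From: Alice <alice@example.com>\n\nhello\n",
    "outside": "Authentication-Results: mx.example.com; dkim=none\n"
               "From: Bob <bob@example.org>\n\nhello\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, classify(raw))
```

The check only covers the receiver's own domain, matched exactly; for any other sender the receiver still needs the ad hoc lists the message describes.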