On Oct 4, 2007, at 5:25 PM, Keith Moore wrote:
I guess I must have been in the bar when they had that pledge of
allegiance. But even allowing that there is any such pledge, to
the degree that we enable domains to control who uses their name
and be accountable when they behave badly is certainly a net good
thing IMO.
domains don't behave well or badly. they're just names. and I
don't think it's in the internet's interest to require people to
associate themselves with what is essentially a brand name in order
to be heard. using DKIM for spam filtering pretty much does that.
DKIM might ensure a message, about to be dropped, generates a non-
delivery notification instead. With extensions to DKIM, such as TPA-
SSP, even email-addresses within different domains from those used
for DKIM signing could make assurances. When a message hits a snag,
TPA-SSP offers assurances that the domain in question is not being
spoofed. TPA-SSP is extensible and allows a user to associate their
email domain with any number of DKIM signing domains.
Individuals may be where TPA-SSP finds support. TPA-SSP also allows
sub-domains differentiate signing policies. Secure use of sub-
domains and Third-Party domains might be a feature corporations put
to good use as well. The TPA-SSP mechanism allows principal domains
to sign transactional emails and yet safely permit employees to send
to mailing lists that also sign with DKIM.
DKIM can be very flexible. However, the DKIM cryptographic process
may place a sizeable burden upon receivers, especially when spam is
in excess of 99%.
-Doug
_______________________________________________
Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf