On Oct 8, 2007, at 4:54 PM, Keith Moore wrote:
> Tony Finch wrote:
>> On Thu, 4 Oct 2007, Keith Moore wrote:
>>> the vast majority of domains won't be able to use DKIM without
>>> seriously impairing their users' ability to send mail.
>>
>> You seem to be assuming that the vast majority of domains have
>> really shitty message submission servers or connectivity.
>
> It's a combination of several things - one, requiring that a domain
> operate its own mail submission servers which sign their mail (and
> all that that implies, like maintaining the private keys). Two,
> many domains will be too small to develop enough of a reputation to
> be whitelisted, and any spammer can create a temporary domain which
> will have about as good a reputation as the vast majority of those
> domains.
>
> Three, as long as people use Windows boxes, spammers will be able
> to compromise them and hijack them to use them to originate mail on
> behalf of their domains, thus degrading those domains' reputation.
>
> So basically if you're a small domain, you're SOL. If you're a
> large domain, people can't afford to blacklist you unless you
> originate a lot of spam anyway.

Keith,

The DKIM component that establishes reputation is being discussed
within the DKIM WG. The DKIM signature offers an alternative to the
IP address which serves as perhaps the only other assured basis for
reputation. Of course the IP address also shares all of these
problems. A DKIM signature can help avoid some of the reputation
problems associated with shared use of an IP address (which is a
larger problem for smaller domains). For larger domains, there might
be some concern related to replay abuse, where again, smaller domains
also enjoy an advantage in being able to squelch compromised systems.

Don't be too quick to condemn DKIM. There should be a simple
mechanism which allows email-domains to autonomously authorize DKIM-
domains. This feature should defray some of your concerns.

Delegating a zone of one's domain would be expensive to manage but is
currently the only means now permitted.

-Doug