----- Original Message ----- From: "Barry Leiba" <barryleiba@xxxxxxxxxxxx> To: "t.petch" <daedulus@xxxxxxxxxxxxx> Cc: "ietf" <ietf@xxxxxxxx> Sent: Friday, July 29, 2011 5:02 PM > I think that it is an error for the IETF to add DKIM signatures. They do indeed > tell me > which intermediary has sent me the mail, but does nothing for the 'spam' that > the > intermediary accepted in the first place (albeit there being little of that on > the IETF > managed lists). ... > It functions, but does not work, in that it tells me nothing about the true > origin of the communication. What it does is allow you to assure yourself that the message was, indeed, from an IETF mailing list (well, from an IETF email server), and that it wasn't that someone tried to spoof that. That, in turn, allows you to confidently increase your trust that the message is not spam in proportion to your confidence in the IETF's spam-filtering capabilities. Some of us, at least, find that useful. Some of us might even completely white-list IETF-signed messages. You can make your own choice on that. <tp> Yes, I do understand that - having read the first round of DKIM RFC when they came out all those years ago - and do see it as a useful tool for improving the security of e-mail and I should have made that clearer in my first e-mail. Sadly, I do not see it being used in the mailing lists where an organisation is sending me directly data I would like to be able to rely on - which I think fits the applicability well - and instead, I see it being used on a mailing list such as those in the IETF where I believe that the costs outweigh the benefits - and I have no choice about that:-(. Tom Petch Barry, DKIM WG chair _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf