Gary Mills
mills@cc.umanitoba.ca
Tue, 29 May 2007 14:02:06 -0500
I've just been reading about Domain Keys Identified Mail at: http://dkim.org/ It's quite impressive, although it has some intentional limitations. I'd expect that companies that are frequent `phishing' targets, such as banks, will start signing their e-mail as soon as they can. How will DKIM signing fit into DCC? I assume that DCC will be a good place to verify signatures. Should signed and verified messages be exempted from bulk mail rejection by DCC? I assume it's not that simple. Organizations that sign e-mail messages must take responsibility for those messages, but I assume that the level of responsibility will vary. In the case of a bank, the e-mail senders will be employees, but in the case of an ISP, they will be customers. The relationship between the organization and the e-mail sender is quite different in these two cases. There will also be some organizations whose business is sending bulk mail. I can see a need for reputation ratings, along with whitelists and blacklists of domain names. How much of this wil fit into DCC? -- -Gary Mills- -Unix Support- -U of M Academic Computing and Networking-