Sun Oct 14 20:03:22 UTC 2007
> There's also the phishes. These are apt to fool our users. I'd like to
> see them rejected. DKIM seems to be the way to accomplish this. I have
> to assume that if Ebay/Paypal announces they are using DKIM, they are
> giving us leave to block messages that don't pass DKIM verification.

Yes, they've said as much. Rejecting unsigned mail from ebay.com, paypal.com, ebay.ca, and paypal.ca is a good idea. Of course, this won't help when mail comes from paypal-payments.com.

> I'd like to see a non-profit and neutral organization take on the task
> of maintaining such a database eventually. It is the other piece that's
> required for DKIM to work in general.

Maintaining reputation data is not cheap, because there is a large category of mailers whose reputations are somewhere between good and bad who are desperate to get their mail delivered and game reputation and filtering systems however they can. I know people whose full time job is to negotiate with them.

You're more likely to see it either from commercial certification vendors like Return Path and Habeas, and with any luck regulators and trade associations publishing lists of their members, e.g., the CDIC publishing the domains of their member banks.

You might want to look at http://www.domain-assurance.org (run by the neutral and non-profit Domain Assurance Council of which I am one of the founders) that has an open spec for publishing and checking reputation info.

Regards,
John Levine, firstname.lastname@example.org, Primary Perpetrator of "The Internet for Dummies",
Information Superhighwayman wanna-be, http://www.johnlevine.com, ex-Mayor
"More Wiener schnitzel, please", said Tom, revealingly.
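The rejection policy discussed in this message, as an added example that is not part of the original post: a filter that rejects mail claiming one of the four named domains unless a DKIM signature from that domain verified, and that shows why the lookalike domain still gets through. It assumes the receiving MTA's DKIM verifier records its result in an `Authentication-Results` header under the placeholder authserv-id `mx.example.net`; covering subdomains of the listed domains is also an assumption, and the messages are constructed samples.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Domains the post names as safe to reject when unsigned.
SIGNED_ONLY = {"ebay.com", "paypal.com", "ebay.ca", "paypal.ca"}

def policy_domain(domain):
    """Return the listed domain that covers `domain` (itself or a parent), else None."""
    for listed in SIGNED_ONLY:
        if domain == listed or domain.endswith("." + listed):
            return listed
    return None

def dkim_pass_domains(msg, authserv_id):
    """header.d values with dkim=pass, taken only from our own verifier's headers."""
    passed = set()
    for value in msg.get_all("Authentication-Results", []):
        parts = [p.strip() for p in str(value).split(";")]
        ident = parts[0].split()
        if not ident or ident[0].lower() != authserv_id:
            continue  # header written by someone else; do not trust it
        for result in parts[1:]:
            if re.match(r"dkim\s*=\s*pass\b", result, re.I):
                m = re.search(r"\bheader\.d\s*=\s*([\w.-]+)", result, re.I)
                if m:
                    passed.add(m.group(1).lower())
    return passed

def decide(raw, authserv_id="mx.example.net"):
    """'reject' for mail claiming a listed domain without a passing signature from it."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    listed = policy_domain(sender)
    if listed is None:
        return "accept"  # policy is silent here, lookalike domains included
    for signer in dkim_pass_domains(msg, authserv_id):
        if policy_domain(signer) == listed:
            return "accept"
    return "reject"

def sample(from_addr, auth_results=None):
    """Build a constructed test message (placeholder authserv-id is an assumption)."""
    headers = ["From: " + from_addr, "Subject: Your account"]
    if auth_results:
        headers.insert(0, "Authentication-Results: " + auth_results)
    return "\n".join(headers) + "\n\nbody\n"
```

The last case in the policy is the gap the reply points out: mail from paypal-payments.com is accepted whether or not it is signed, because the list says nothing about that domain.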