DKIM becomes more official

John L johnl@iecc.com
Sun Oct 14 20:03:22 UTC 2007


> There's also the phishes.  These are apt to fool our users.  I'd like to 
> see them rejected.  DKIM seems to be the way to accomplish this.  I have 
> to assume that if Ebay/Paypal announces they are using DKIM, they are 
> giving us leave to block messages that don't pass DKIM verification.

Yes, they've said as much.  Rejecting unsigned mail from ebay.com, 
paypal.com, ebay.ca, and paypal.ca is a good idea.  Of course, this won't 
help when mail comes from paypal-payments.com.

> I'd like to see a non-profit and neutral organization take on the task 
> of maintaining such a database eventually.  It is the other piece that's 
> required for DKIM to work in general.

Maintaining reputation data is not cheap, because there is a large 
category of mailers whose reputations are somewhere between good and bad 
who are desperate to get their mail delivered and game reputation and 
filtering systems however they can.  I know people whose full-time job is 
to negotiate with them.  You're more likely to see it either from 
commercial certification vendors like Return Path and Habeas, and with any 
luck regulators and trade associations publishing lists of their members, 
e.g., the CDIC publishing the domains of their member banks.

You might want to look at http://www.domain-assurance.org (run by the 
neutral and non-profit Domain Assurance Council of which I am one of the 
founders) that has an open spec for publishing and checking reputation 
info.

Regards,
John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for Dummies",
Information Superhighwayman wanna-be, http://www.johnlevine.com, ex-Mayor
"More Wiener schnitzel, please", said Tom, revealingly.

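The policy discussed in this message (reject mail claiming to be from the listed domains unless it carries a passing DKIM signature) can be sketched as follows. This is an added example, not code from the post or from DCC. It assumes an upstream DKIM verifier that records its results in `Authentication-Results` headers (RFC 8601) under the placeholder name `mx.example.net`, and it treats subdomains of the listed domains as covered.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Domains named in the post as safe to reject when unsigned.
SIGN_ALL = {"ebay.com", "paypal.com", "ebay.ca", "paypal.ca"}
AUTHSERV_ID = "mx.example.net"  # assumed name of our own DKIM verifier

def within(domain, parent):
    """True if domain is parent or a subdomain of it (subdomains are an assumption)."""
    return domain == parent or domain.endswith("." + parent)

def passing_dkim_domains(msg):
    """Collect d= domains with dkim=pass, only from headers our verifier wrote."""
    found = set()
    for value in msg.get_all("Authentication-Results", []):
        parts = [p.strip() for p in value.split(";")]
        ident = parts[0].split()
        if not ident or ident[0].lower() != AUTHSERV_ID:
            continue  # not written by our verifier, so it proves nothing
        for part in parts[1:]:
            m = re.search(r"header\.d\s*=\s*([\w.-]+)", part, re.I)
            if m and re.match(r"dkim\s*=\s*pass\b", part, re.I):
                found.add(m.group(1).lower())
    return found

def verdict(raw):
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    owner = next((d for d in SIGN_ALL if within(sender, d)), None)
    if owner is None:
        return "no-policy"  # e.g. paypal-payments.com: this rule cannot help
    if any(within(d, owner) for d in passing_dkim_domains(msg)):
        return "accept"
    return "reject"

def sample(from_addr, *auth_results):
    """Build a constructed test message (not real mail)."""
    lines = ["Authentication-Results: " + a for a in auth_results]
    lines += ["From: " + from_addr, "Subject: Your account", "", "body"]
    return "\n".join(lines)

if __name__ == "__main__":
    for frm, ar in [("PayPal <service@paypal.com>", "mx.example.net; dkim=none"),
                    ("service@paypal-payments.com", "mx.example.net; dkim=none")]:
        print(frm, "->", verdict(sample(frm, ar)))
```

The `no-policy` result for `paypal-payments.com` is the limitation noted in the message: a lookalike domain falls outside the list and has to be handled by reputation data or other filtering.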


More information about the DCC mailing list
