Experience with DKIM signatures and DCC

Gary Mills mills@cc.umanitoba.ca
Sun Apr 20 13:36:25 UTC 2008

On Sat, Mar 29, 2008 at 05:46:58PM -0400, John Levine wrote:
> >We are using Spamhaus' XBL, and are happy to pay for it.  What I'm
> >looking for now is something that rates domain names by reputation.
> At this point, there isn't one.
> Take a peek at http://www.domain-assurance.org/, a little trade 
> association where we're trying to set standards for domain based 
> whitelists and rep systems.  We've got lots of interest but so far the 
> implementation is pretty weak.

Please excuse the late reply: I have dozens of other urgent projects.

I was disappointed in this web page.  This seems to be a group that
certifies or provides a `stamp of approval' for other organizations,
similar to a trade organization that certifies its own members.
Because of the built-in conflict of interest, the potential for
corruption is very high.  There's not much value for consumers here.

> I agree with Vernon that in general reputation is pretty hard since the 
> bad guys have an unlimited supply of new domains.  That's why it makes 
> more sense to start with whitelists, since good guys tend to hold still.

What I'm looking for is the unimpeded flow of business correspondence.
This might be e-mail between members of my university and members of
other universities, or e-mail between banks and travel agencies and
their customers at my university.  So far, from our sendmail logs,
I've found one university that employs DKIM signatures on their
e-mail; I whitelisted them by their Authentication-Results header.
I'd like to do this for other reputable senders.

I suppose what we need is for the recipients of e-mail to rate the
reputation of sending organizations.  Representing the recipients,
I'd be willing to pay for such a service.  Another alternative is
some independant rating organization that ensures that the sender
takes responsibility for their e-mail.  Of course, even a reputable
company could decide to engage in an e-mail marketing campaign to
gather more customers.  That sort of activity should reduce their
e-mail reputation.

-Gary Mills-    -Unix Support-    -U of M Academic Computing and Networking-

More information about the DCC mailing list

Contact vjs@rhyolite.com by mail or use the form.