Experience with DKIM signatures and DCC

John Levine johnl@iecc.com
Sun Apr 20 14:26:16 UTC 2008

>> Take a peek at http://www.domain-assurance.org/, a little trade

> I was disappointed in this web page.  This seems to be a group that
> certifies or provides a `stamp of approval' for other organizations,

No, it's not,.perhaps you should read it again.  DAC sets standards, we 
don't certify anything or anyone.

VBR is basically a spec for shared domain whitelists, sort of like the way 
the RBL format is a spec for shared IP blacklists.  Once you know that a 
domain in a message is real via DKIM or whatever, you can use VBR to see 
if it's on whatever whitelists you want to use.

> I suppose what we need is for the recipients of e-mail to rate the
> reputation of sending organizations.  Representing the recipients,
> I'd be willing to pay for such a service.  Another alternative is
> some independant rating organization that ensures that the sender
> takes responsibility for their e-mail.

Right.  Given the history of spam filters, user ratings don't work very 
well because users are inconsistent.  I expect that the largest use will 
be rating companies and trade groups or regulators that publish lists of 
their members, e.g. the FDIC publishing lists of domains of the banks 
they insure.

John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for Dummies",
Information Superhighwayman wanna-be, http://www.johnlevine.com, ex-Mayor
"More Wiener schnitzel, please", said Tom, revealingly.

More information about the DCC mailing list

Contact vjs@rhyolite.com by mail or use the form.