I've just been reading about Domain Keys Identified Mail at:
http://dkim.org/
It's quite impressive, although it has some intentional limitations.
I'd expect that companies that are frequent `phishing' targets, such
as banks, will start signing their e-mail as soon as they can.
How will DKIM signing fit into DCC? I assume that DCC will be a good
place to verify signatures. Should signed and verified messages be
exempted from bulk mail rejection by DCC? I assume it's not that
simple.
Organizations that sign e-mail messages must take responsibility for
those messages, but I assume that the level of responsibility will
vary. In the case of a bank, the e-mail senders will be employees,
but in the case of an ISP, they will be customers. The relationship
between the organization and the e-mail sender is quite different in
these two cases. There will also be some organizations whose business
is sending bulk mail. I can see a need for reputation ratings, along
with whitelists and blacklists of domain names. How much of this wil
fit into DCC?
--
-Gary Mills- -Unix Support- -U of M Academic Computing and Networking-
_______________________________________________
DCC mailing list [email protected]
http://www.rhyolite.com/mailman/listinfo/dcc
