On Thu, Jun 19, 2014 at 11:15 AM, Hector Santos <hsan...@isdg.net> wrote:
> While DKIM-BASE tried to clean up this separation of the author domain > policy, it could not because of all the past existing ADSP or SSP > references in the many DKIM related RFCs, see RFC6376, section 1.1. But > conceptually, it didn't matter what you called it. It was an author domain > signing policy protocol and today, it's called DMARC. DKIM has no payoff > with just base signing analysis . It was separated but with all the > intentions of sticking secondary author policy and signer trust layers on > it before a payoff was realized. > There are reputation systems -- I built one, and I know others exist -- that use DKIM as the identifier on which reputation is built, and they've been effective in experimental environments at identifying what's good and what's outside of "good". The difference here is between active and passive determination of what's good and what's not good. If you want active, I agree that DKIM by itself isn't enough. But I disagree, with evidence, that DKIM "has no payoff with just base signing analysis". If that's not convincing enough, consider that IP reputation has been largely successful, and the input to such systems is a verified identifier, which is the same class of output DKIM provides. -MSK
_______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
