On Mon, Nov 14, 2022 at 11:04 AM Laura Atkins <la...@wordtothewise.com> wrote:
> Does it make sense to add in a brief discussion of ‘responsibility for the > message'? As I see it, responsibility implies able to do something against > the originator of the message or act to stop the message if it turns out to > be a problem. If it’s your customer and the mail is going out over your > network you can disconnect them. If the mail isn’t going out through your > network, you have very little control and if you don’t have control can you > really be responsible. > Personally, I'd be fine leaving this for the WG to debate rather than settling it in the charter. I think both positions are defensible. RFC 6376 says "some responsibility"; it leaves open to discussion what that really means. I'm sympathetic to the idea that Gmail (for example) filters outgoing stuff looking for spam, but also that this has always been a tactical arms race, and something you consider spam might not in that moment agree with what their detection stuff can identify. Wei might argue that their signature means "We attest that this passed through us, and we did our best to make sure it was legitimate before it went out", than the more absolute "We claim this is legitimate and we are willing to stake our reputation on it" that some seem to infer. The latter might even be incentive to consider not signing anymore. -MSK
_______________________________________________ Ietf-dkim mailing list Ietf-dkim@ietf.org https://www.ietf.org/mailman/listinfo/ietf-dkim