On Sun 11/Dec/2022 21:52:46 +0100 Murray S. Kucherawy wrote:
On Sun, Dec 11, 2022 at 12:34 PM Michael Thomas <[email protected]> wrote:
As for resolution: the first obvious one is to not send spam in the first
place. That is the root of the problem. The second is that Bcc's can be
treated with more suspicion. Neither of these needs the working group to do
anything.
I think this is easier said than done. In the example I gave, "don't send
spam in the first place" reduces to "make sure your users are 100%
trustworthy or that your outbound spam filters are 100% accurate", which
strikes me as an impossible bar to meet.
The alternative is to say: Well, if you can't make at least one of those
two quantities bulletproof, then don't sign your mail. That, though,
sounds a lot to me like tossing DKIM in the bin.
On the opposite, if Gmail restricted signing to accountable users only, its
signatures would gain value. If they started doing so it would soon be
noticed, and signatures would acquire a meaning in delivery decisions.
Endowing signatures with a significant value increases the overall value of
DKIM.
Best
Ale
--
_______________________________________________
Ietf-dkim mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ietf-dkim
