On Tue, Dec 13, 2022 at 2:54 AM Alessandro Vesely <ves...@tana.it> wrote:
> Perhaps they could devise better methods than asking _accountable? (Y/N)_
> on a questionnaire. Linking to bank accounts is an example.

Would you link a free email account to your bank account for any reason? I don't think I would. I'll go somewhere else.

> A discernment possibility is to sign differently. RFC 6376 specified an
> Agent or User Identifier tag, i=, as a finer grained identity. One having
> i=bullshit...@example.com would still be a valid DKIM signature.
> Alternatively, could use subdomains, d=bullshit.example.com. How long
> would it take receivers to learn it?

This tactic appears to me to have three problems: (1) negative reputations are of little value to receivers, because attackers can easily shed them; (2) if I have to remember everything with a negative reputation for some undetermined period of time, I now have a resource problem; (3) I can just not sign my mail, because maybe no reputation is better than a negative one.

In contrast, positive reputations are far fewer in number, far more valuable to collect and protect, and very likely last a lot longer. Giving preferential treatment to a domain that earns a positive reputation seems like a much better approach.

-MSK
_______________________________________________
Ietf-dkim mailing list
Ietf-dkim@ietf.org
https://www.ietf.org/mailman/listinfo/ietf-dkim
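The following is an added example, not part of the thread or written by either participant: a receiver-side sketch that extracts the d= and i= identifiers from a DKIM-Signature value and keys treatment on a positive-reputation set only, so unsigned mail, unknown signers and a separately signed subdomain all fall into the same default tier. It assumes the signature has already been verified cryptographically; the function names, the sample header values and the `bulk.example.com` subdomain are constructed for illustration.

```python
import re

def parse_tags(value):
    """Parse a DKIM-Signature tag-list (RFC 6376 section 3.2) into a dict."""
    tags = {}
    for item in value.split(";"):
        if not item.strip():
            continue  # a trailing ";" is allowed
        name, sep, val = item.partition("=")
        name = name.strip()
        if not sep or name in tags:
            raise ValueError("malformed or duplicate tag: %r" % item)
        tags[name] = re.sub(r"\s+", "", val)  # drop folding whitespace
    return tags

def identities(value):
    """Return (d= domain, i= identity); i= defaults to "@" + d=."""
    tags = parse_tags(value)
    if "d" not in tags:
        raise ValueError("missing required d= tag")
    sdid = tags["d"].lower()
    local, _, domain = tags.get("i", "@" + sdid).rpartition("@")
    domain = domain.lower()
    # RFC 6376 section 3.5: the i= domain is d= itself or a subdomain of it.
    if domain != sdid and not domain.endswith("." + sdid):
        raise ValueError("i= domain is outside d=")
    return sdid, local + "@" + domain

def treatment(sig_value, good_identifiers):
    """Return 'preferred' or 'default'; no negative reputations are stored."""
    if sig_value is None:
        return "default"  # unsigned mail: no reputation at all
    try:
        sdid, auid = identities(sig_value)
    except ValueError:
        return "default"  # unusable identifiers earn nothing
    if sdid in good_identifiers or auid in good_identifiers:
        return "preferred"
    return "default"

# Constructed sample values (the part after "DKIM-Signature:"), not real mail.
MAIN = "v=1; a=rsa-sha256; d=example.com; i=news@example.com; s=s1; b=AAAA"
BULK = "v=1; a=rsa-sha256; d=bulk.example.com; s=s1;\r\n\th=from:to; b=BBBB"
BAD_I = "v=1; a=rsa-sha256; d=example.com; i=user@other.example; s=s1; b=CC"
GOOD = {"example.com"}  # assumed set of identifiers with earned reputation

if __name__ == "__main__":
    for sig in (MAIN, BULK, BAD_I, None):
        print(treatment(sig, GOOD), sig)
```

The only state the receiver keeps is the small set of identifiers that earned preferential treatment; nothing has to be remembered about the rest.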