On Wed 30/Aug/2023 07:35:08 +0200 Murray S. Kucherawy wrote:
On Tue, Aug 29, 2023 at 8:11 PM Dave Crocker <d...@dcrocker.net> wrote:
On 8/29/2023 7:46 PM, Grant Taylor wrote:
On 8/29/23 9:02 PM, Dave Crocker wrote:

Why not re-use the existing DKIM solution, just with a different domain / set of keys?

Because it does not provide the affirmative information that I am postulating/guessing the originating platform can supply.

I have to agree. It's compelling to consider that a high-trust domain might flag something for my extra consideration. This could be done per-message, rather than per-key, which was Grant's counterproposal; the equivalent is to generate a selector per message, which appears at least on the surface to suffer problems of scale.


The affirmative information can be provided by using semantic subdomain names, whose purpose and meaning have been registered. See the strawman here:
https://mailarchive.ietf.org/arch/msg/ietf-dkim/ez0PYqMdCDoR4-sN2toPGObMMFI


Rather than doing it in a header field, though, could it be done simply with a new tag?


The advantage of a subdomain w.r.t. a tag is that many receivers can operate on it natively, assigning reputation as normal, like Grant said, whereas a new tag would be ignored.


Let a domain establish a bad reputation. Especially if it's being used for sending messages that are considered to be questionable.

Establishing a reputation takes time. The likely behavior of a bad actor is within a very short time-frame.

And it is a single account, not the entire domain, that is the problem.

Or even a single message.


Or the ellipsis in Dave's "deemed spammy by the originating platform, or for new users who do not yet have an established quality record, or..."


And I've never understood why people get enamored of the idea of relying on bad reputations to spot bad actors. A bad actor who thinks it has attracted a negative reputation need only move to a new name in an otherwise gigantic public namespace (domain name or IP address) to start over from zero.


I reject messages from domains newer than 30 days. What is the time frame everybody else uses?


Best
Ale
--




_______________________________________________
Ietf-dkim mailing list
Ietf-dkim@ietf.org
https://www.ietf.org/mailman/listinfo/ietf-dkim
