> 1. Authors need to be able to make coded assertions about the nature
> of a message's content that can be used as input to spam filters'
> decision-making. DKIM must be capable of signing those assertions.

Could you give some examples of these assertions, and how they would be useful in practice for a spam filter that you would use? (I'm much less interested in what some hypothetical person might want than in stuff that we actually do want.) The Project Lumos spec had all sorts of fine grained assertions about messages and senders, and although they looked very useful for a bulk mailer who wanted recipients to do his list management for him, none of them were at all useful to recipients.

If you're thinking of assertions like "this is transaction mail" and "this is list mail", in what ways would you treat messages with those assertions differently if they're both from a signer you trust? How about if they're both from a signer you don't trust?

>recipient-specific incentives to read their messages, recipients need
>to be able to prove that "this message was sent by <sender-address> to
><my-address>".

Why? I care a lot about who the sender is. If the sender has a good reputation, I want his mail.

This smells a whole lot like the replay nonsense that I thought we dealt with a few weeks ago. In theory, I understand that it's possible that someone might resend messages to other recipients for hostile purposes. In practice, I see little incentive for someone to do so.

>The idea is to give "legitimate" advertisers a way to say "here is why
>you should accept delivery of this message" and maybe "here is why you
>should read this message".

>In the world I envision, reputation services would not rate whether a
>particular sender or domain spammed - but rather, whether a particular
>sender or domain accurately labeled their messages, and the degree to
>which they could be held accountable for mislabeled messages.

Yeah, Lumos was all about that. You know what? Recipients don't care. If a sender has a good reputation, recipients will take all of their mail. If it has a bad reputation, they'll reject it.

I realize that it is theoretically possible that there could be senders that send mail that is accurately labelled as UBE, but I have trouble understanding why anyone would do it, since recipients would still reject it all. Why demand a system to support scenarios that aren't going to happen?

R's,
John
_______________________________________________
ietf-dkim mailing list
http://dkim.org
