This is a good example of the problem here. On the one hand we have a noble cause and wish to protect the brand reputation with a trusted service using a positive Domain Reputation Assertion.

But on the other hand, we don't want to follow any violation or deviations of this positive Domain Reputation Assertion.

Let's make perfectly clear there is NO ISSUE with this idea. Assuming this is the way we want to go with an undefined Reputation Protocol, this is ok, but we need to also follow what Dave Crocker recently wrote:

    "When someone asserts that a mechanism offers protection, they are
    obligated to account for the cases that are /not/ covered. If they
    are diligent, they will then assess the relative costs and benefits
    of this protection proportion, versus the unprotected proportion." [1]

What I have been speaking of all along is that POLICY would provide for Failure Detection against protocol violations. That would include a protocol based on reputation.

A reasonable compromise can be produced if receivers, including intermediaries, follow the same standard protocol methodology:

    Step 1) Lookup the reputation, Resolve

    Step 2) Lacking Reputation Indicators or indeterminate signer
            resolution, Lookup ADSP to resolve Domain Signature
            Expectations.

Crocker and Levine, if you guys can accept this, I think you will go a long way to getting a final resolution of the 4-5 year policy debates and, more importantly, show a green light and light at the end of the tunnel to begin getting more developers to implement DKIM and get wider network adoption of DKIM using a persistent protocol methodology.

I don't think #2 interferes with your Reputation schemes and promotions, but it will require accepting standard provisions that intermediaries follow by the same consistent rules.

--
Hector Santos, CTO
Santronics Software, Inc

[1] http://mipassoc.org/pipermail/ietf-dkim/2009q4/012655.html

hector wrote:
> Dave CROCKER wrote:
>
>>
>> Ian Eiloart wrote:
>>> OK. What ADSP adds is the ability to assign reputation to a specific
>>> email claiming to originate from a specific domain. Except for
>>> "unknown".
>>
>> A DKIM signature says nothing about "origination". A signature is
>> typically by an organization that handles the message, but it need not
>> be the originator or even a sender. An independent trust service,
>> such as Goodmail, could sign it, for example.
>
>
> So are you saying that all receivers should whitelist goodmail.com
>
>     dkim-signature: d=goodmail.com ....?
>
> regardless of what the Author Domain has declared for ADSP?
>
> Should we take for granted that the author domain has paid GOODMAIL.COM
> to certify its mail?
>
> Conversely, what happens when mail from author domain does not arrive
> with GOODMAIL.COM signatures?
>
> How does the receiver handle this?
>
> --
> HLS
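
The two-step receiver flow proposed in the message above, sketched as an added example that is not part of the original post or of any DKIM implementation. The reputation table, the ADSP records, the `.example` domains and the verdict labels are constructed assumptions; the ADSP practices (`unknown`, `all`, `discardable`) and the `_adsp._domainkey` record location are those of RFC 5617.

```python
# Added illustration; the reputation source, records and verdict labels are assumptions.

# Constructed stand-in for the (undefined) reputation protocol: signer domain -> verdict.
REPUTATION = {"certifier.example": "accept", "spamsigner.example": "reject"}

# Constructed ADSP TXT records, as published at _adsp._domainkey.<author domain>.
ADSP_RECORDS = {"bank.example": "dkim=discardable", "shop.example": "dkim=all"}


def parse_adsp(txt):
    """Return the dkim= practice; a missing or unrecognized record is 'unknown'."""
    for tag in (txt or "").split(";"):
        name, _, value = tag.partition("=")
        if name.strip() == "dkim" and value.strip().lower() in ("all", "discardable"):
            return value.strip().lower()
    return "unknown"


def evaluate(author_domain, valid_signers):
    """Return (verdict, reason). valid_signers holds the d= domains of the
    DKIM signatures that verified; failed signatures are treated as absent."""
    signers = {d.lower() for d in valid_signers}
    # Step 1: look up the reputation of each verified signer and resolve on a hit.
    # Checking "reject" before "accept" is a choice made for this example.
    for verdict in ("reject", "accept"):
        for d in sorted(signers):
            if REPUTATION.get(d) == verdict:
                return verdict, "reputation:" + d
    # Step 2: no reputation indicator, so fall back to the author domain's ADSP.
    author = author_domain.lower()
    if author in signers:
        return "neutral", "author-domain-signature"
    practice = parse_adsp(ADSP_RECORDS.get(author))
    if practice == "discardable":
        return "discard", "adsp:discardable"
    if practice == "all":
        return "suspicious", "adsp:all"
    return "neutral", "adsp:unknown"


if __name__ == "__main__":
    for author, signers in [("bank.example", ["certifier.example"]),
                            ("bank.example", []),
                            ("shop.example", ["list.example"]),
                            ("shop.example", ["shop.example"])]:
        print(author, signers, evaluate(author, signers))
```

The second and third sample messages are the case raised in the quoted question: mail from an author domain that arrives without the trust service's signature is resolved by the domain's own ADSP record instead of being left undefined.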