On 10/14/09 7:10 AM, Dave CROCKER wrote:
>
>
> Ian Eiloart wrote:
>> OK. What ADSP adds is the ability to assign reputation to a specific email
>> claiming to originate from a specific domain. Except for "unknown".
>
> A DKIM signature says nothing about "origination". A signature is typically by
> an organization that handles the message, but it need not be the originator or
> even a sender. An independent trust service, such as Goodmail, could sign it,
> for example.
>
>
>> It's not really a DKIM issue, but if I get email from
>> paypal.co.uk, then how do I determine whether that email is from paypal?
>
> Mapping from a domain name to a brand name or company name or the like is indeed
> an interesting topic. As you say, it has nothing to do with DKIM.

Agreed. But this does affect ADSP, the DKIM policy layer.

It is not practical to have all agents that might operate on behalf of some domain to have previously exchanged keys allowing them to position selectors at or below the Author Domain.

Currently, most DKIM recommendations in these cases depend upon reputation services as a means for recipients to make acceptance decisions, which mostly works. However, a reputation service is twice removed from that of an Author Domain that may wish to assert a DKIM policy that might be seen as being restrictive. Even slight restrictions make other agents appear to be in conflict with the Author Domain policy.

Unfortunately, only rarely are Author Domains not dependent upon a number of other agents that have not previously shared keys in some manner. Nor would it be practical or safe for an Author Domain to widely share their keys in some manner.

There is a way to solve this DKIM policy problem without always needing to rely upon reputation services, or the impractical and unsafe sharing of keys.

-Doug

_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
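
For readers of this archived thread, an added example (not part of any poster's message) of the conflict discussed above: a receiver-side ADSP check, following RFC 5617's rule that only a valid signature whose `d=` equals the Author Domain counts as an Author Domain Signature. The domains, the verdict labels and the simplified record parsing are assumptions made for illustration.

```python
# Added illustration, not code from the thread. All domains are constructed samples.
import re
from email.utils import parseaddr

PRACTICES = ("unknown", "all", "discardable")

def parse_adsp(record):
    """Simplified parse of an ADSP TXT record; anything unusable counts as 'unknown'."""
    m = re.match(r"dkim\s*=\s*([A-Za-z0-9-]+)", record or "")
    value = m.group(1).lower() if m else "unknown"
    return value if value in PRACTICES else "unknown"

def author_domain(from_header):
    """Domain of the address in the From: header (the Author Domain)."""
    return parseaddr(from_header)[1].rpartition("@")[2].lower().rstrip(".")

def adsp_evaluate(from_header, valid_signer_domains, adsp_record):
    """valid_signer_domains: d= values of DKIM signatures that already verified.
    Verdict labels are hypothetical names chosen for this example."""
    domain = author_domain(from_header)
    signers = {d.lower().rstrip(".") for d in valid_signer_domains}
    practice = parse_adsp(adsp_record)
    if domain in signers:            # Author Domain Signature: d= equals author domain
        verdict = "author-signed"
    elif practice == "unknown":
        verdict = "no-assertion"
    elif practice == "all":
        verdict = "conflicts-with-all"
    else:
        verdict = "conflicts-with-discardable"
    return {"author_domain": domain, "practice": practice, "verdict": verdict}

if __name__ == "__main__":
    msg_from = "Alice <alice@author.example>"
    for signers in (["author.example"], ["trust-service.example"], ["mail.author.example"]):
        print(signers, adsp_evaluate(msg_from, signers, "dkim=all"))
```

A validly signed message from a third-party agent, or from a subdomain of the Author Domain, still ends up in conflict with a `dkim=all` practice, because nothing in the record lets the Author Domain name the other signers it relies on.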