On Wed, 20 Oct 2010 18:32:44 +0100, John R. Levine <jo...@iecc.com> wrote:
>> A reputation service can only say that a domain is >> BAD >> GOOD >> or NO EVIDENCE AVAILABLE EITHER WAY. >> >> I think the last case has to be treated pretty much like GOOD, otherwise >> newcomers to the internet will never even get their messages accepted. > > Heck, no. Treat it like there's no signature at all, and filter it like > one does now. So if I (being a perfectly honest citizen) create some brand new internet service, which needs to be secure; and if I secure it by signing all emails sent to my clients plus declaring an ADSP policy of 'discardable', then you want all messages sent to my clients on day 1 of the service to be discarded at my clients' boundaries because, not yet having established any reputation, my messages are to be treated as unsigned, and hence discarded in accordance with my ADSP setting???? And it the reputation services discover that all mails sent from my domain are being discarded, they will start to create a Bad reputation for me, instead of the Good one that I hoped to acquire as my new service became known. No, lack of reputation has to be treated as entirely neutral. Bad reputations have to be earned by performing Bad deeds. -- Charles H. Lindsey ---------At Home, doing my own thing------------------------ Tel: +44 161 436 6131 Web: http://www.cs.man.ac.uk/~chl Email: ...@clerew.man.ac.uk snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K. PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5 _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html