John R. Levine wrote:
>> Flip that around: I want to give positive warm fuzzies to mail from the
>> users that are authenticated by bigisp.com and are on my positive list.
>
> I believe that's what we call "human shields." Um, no. This whole model
> of bigisp sending a mixture of legit and forged mail, and using i= to
> assert nice things about the legit mail seems awfully strained. In my
> experience, if I get a message with a credible signature, one of the
> things that "credible" means is that the From: address is real enough to
> use for message sorting.

An assertion from a large ISP-like domain with only the d= is essentially useless. Ok, it came through bigisp.com, now what? Bigisp by definition is going to have some bad actors, so without some other means of differentiation the signature's domain only tells you that it's from somebody who's going to have bad actors. i= is one means for identifying sub-domain level granularity, but it could be done other ways as well. You could sign an "X-Evil: yes" header as well.

The bigger problem with i= is that its semantics were underspecified because the working group didn't want to go there. So unsurprisingly we're now in a position where we have a large user base of signers who put something in i= and we're not quite sure what they mean by it. Chickens: roost.

Mike

_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
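
An added illustration, not part of the original message or of any DKIM implementation: a small Python parser that pulls the two granularities discussed above, d= and i=, out of a DKIM-Signature header value so a receiver can see what it could key on. The header values, the `bigisp.example` domain and the function names are constructed for this example, and the code reports only what the tags syntactically carry, not what a given signer means by i=.

```python
import re

# Constructed sample header values (not taken from the thread).
SAMPLE_WITH_I = (
    "v=1; a=rsa-sha256; c=relaxed/simple; d=bigisp.example; s=sel1;\r\n"
    "\th=from:to:subject:date; i=alice@users.bigisp.example;\r\n"
    "\tbh=PLACEHOLDER; b=PLACEHOLDER"
)
SAMPLE_D_ONLY = (
    "v=1; a=rsa-sha256; d=bigisp.example; s=sel1; h=from; "
    "bh=PLACEHOLDER; b=PLACEHOLDER"
)


def parse_tags(value):
    """Split a DKIM-Signature header value into a {tag: value} dict."""
    tags = {}
    unfolded = re.sub(r"\r?\n[ \t]+", " ", value)  # undo header folding
    for part in unfolded.split(";"):
        if not part.strip():
            continue  # a trailing ';' is allowed
        name, sep, val = part.partition("=")
        name = name.strip()
        if not sep or name in tags:
            raise ValueError("malformed or duplicate tag: %r" % part)
        tags[name] = val.strip()
    return tags


def signing_identities(value):
    """Return (d= domain, i= identity, whether i= was explicit)."""
    tags = parse_tags(value)
    if "d" not in tags:
        raise ValueError("signature has no d= tag")
    sdid = tags["d"].lower()
    auid = tags.get("i", "@" + sdid)  # an absent i= defaults to "@" + d=
    local, _, domain = auid.rpartition("@")
    domain = domain.lower()
    # The i= domain must be the d= domain or a subdomain of it.
    if domain != sdid and not domain.endswith("." + sdid):
        raise ValueError("i= domain %r is outside d= %r" % (domain, sdid))
    return sdid, local + "@" + domain, "i" in tags
```

With only d= present, the second element collapses to `@bigisp.example`, which is the domain-wide granularity the message calls essentially useless for a large ISP.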