On May 26, 2011, at 12:02 PM, Murray S. Kucherawy wrote: >> -----Original Message----- >> From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim-boun...@mipassoc.org] >> On Behalf Of John R. Levine >> Sent: Thursday, May 26, 2011 6:40 AM >> To: Ian Eiloart >> Cc: DKIM List >> Subject: Re: [ietf-dkim] DKIM Scouts, was 8bit downgrades >> >> Mailing lists have worked quite well for 40 years with no signatures at >> all, making all sorts of random changes to the mail, so it has to be >> something more than that. > > Applying the same logic: Email in general has been fine without DKIM for 40 > years, so why do we need it? > > Thinking in abstract terms: If you accept the premise that DKIM delivers a > validated domain name as its payload, and that domain name represents an ADMD > that takes "some" responsibility for a message, then it's not clear to me why > one would claim it's not valuable to have two responsible parties instead of > just one. You can then evaluate both of those names and decide if either of > them, or perhaps the combination of them, warrant additional filtering or, > instead, priority handling. > > The question really is: How valuable is this? Or put another way: Is it > worth the work to make the two identities available instead of only that of > the MLM? I suspect the answer is "yes" as it can only improve your accuracy. > The only remaining issue is how hard it will be to make that happen, and > whether or not the payoff is big enough to offset the pain. That, I think, > is the real thing that needs to be evaluated.
In my experience with traditional discussion MLMs (which is the situation we're talking about) if I trust the MLM, I generally don't care about who the participants are. While you're absolutely right that in this case having identities of two responsible parties (original author and MLM) is more valuable than one (MLM). But I think the increase in value is somewhere between marginal and negligible, so unless it comes "for free" it's probably not that interesting to try and do. And when we're talking about DKIM identities it's definitely not something that will be easy to do (it may not even be possible without seriously compromising either DKIM's promises or an MLMs usability). > Now, those are abstract terms. When argued in terms of passing an author > signature through an MLM given modern realities, it does indeed sound like > it's not worthwhile, because in that particular context you're not likely to > see the stuff you want to filter coming via such paths in the first place. > > But now invert that thinking. Let's say your domain manages to acquire a > positive reputation, but now you and I are on a re-signing MLM whose domain > has no reputation or maybe even a slightly negative one. Your reputation > could trump that of the list, or could improve that of the list by your > participation in it, at least from my perspective. But for that to happen, > your signature has to survive. The value of traditional MLMs is the discussion, rather than the individual post. The quantum of value is the thread, rather than the email. If the reputation of the MLM is poor enough that mail from it is not being delivered, trumping that with an authors reputation may get individual emails delivered - but not threads, so it doesn't really improve the value provided to the recipient (it probably decreases it - a mailing list that delivers one in ten posts to my inbox is less useful than one that delivers none at all). > I don't think that's a concept that should be discarded out of hand just > because MLMs have been the way they are for a long time and they're in the > way of such innovations. Updating them even a little might enable a host of > useful new applications. Cheers, Steve _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
