> -----Original Message----- > From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim-boun...@mipassoc.org] > On Behalf Of Steve Atkins > Sent: Thursday, May 26, 2011 3:20 PM > To: DKIM List > Subject: Re: [ietf-dkim] MLMs and signatures again > > That's relying on an awful lot of vaporware in the MUA, orthogonal to > any sort of authentication. I don't think any MUAs really track sender > reputation in any way[1].
It's not vapourware in general. Such feedback systems exist, and could easily be tied to DKIM domains. > Well, d= won't identify the original sender at all, in the case of > individuals sending to a mailing list. It'll identify the domain of > their ISP, nothing more. Well, right. You'd be basing decisions on validated DKIM "d=" values. > Tunneling DKIM signatures through MLMs doesn't seem to be the missing > bit of technology needed to do this. > > If the MLM signs any email it sends then you have some level of trust > in any information it annotates the mail with. Yes, and A-R provides a mechanism for doing that as well. It's mentioned in the MLM draft too. > *If* it were possible to identify the original email author in some way > (S/MIME, PGP, some private shared secret approach....) the MLM could > annotate the mail with that information, and you could trust it enough > to filter on. If the MLM doesn't have enough information to identify > the original email author, it's unlikely you do either - whether > there's a second DKIM signature or not. Why the last part of that? > [1] It's something that'd be useful, though - it's been on my TODO list > for about two years to add exactly this to our CRM system, via end-user > thumbs-up / thumbs-down buttons. We have that at Cloudmark, and there's an open one as well. I'm trying to figure out if and how such a system could be used when correlated with DKIM signatures. _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html