On Mon, 1 Aug 2011, Douglas Otis wrote:
> This would be a safe method to extend policy without requisite two
> party coordination as currently expected by DKIM.

The problem is that for the majority of From: domains claimed in incoming mail, the TPA approach is just as unfeasible as "two party coordination". The problem is not the lack of a language for the alleged-sender to express detailed policy -- it is that the alleged-sender doesn't have a fully detailed policy to express.

The real communication barrier is between the DNS admin for a domain, and the end users who have mailboxes on that domain. An end-user would have to be exceptionally computer literate in order to help his admin publish a correct TPA policy.

While *phishers* may see no point in forging that class of domain, a layered protocol (ADSP or successor/replacement) that makes no attempt to defend those domains is not worthwhile for me to deploy *as an MX admin*. Which means blatant phish with a single From: and no signature could sail right through.

The best that the administration of such domains can offer is a claim that the end-users have been trained to always use the official smarthost, and thus every non-mailing-list mail will be signed. It's weak, but it's far better than nothing.

For some recipients, such as myself, it would be as useful as discardable. I know that anything that smells enough like a mailing list to invoke the loophole, yet hasn't already been diverted by my whitelists, is junk.

----
Michael Deutschmann <mich...@talamasca.ocis.net>

_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html