Stephen Farrell wrote:

> "Policies can be open or closed. Open policies define a set of
> conformant messages and are silent about other messages. Closed
> policies define the set of conformant messages and other messages
> do not conform to the policy.
>
> If a domain owner publishes an open policy, and if some "bad"
> unsigned messages apparently emanate from that domain then the
> domain owner's reputation may suffer.
>
> Closed policies can disrupt practices such as posting to list
> servers, use of e-invites, and other similar services.
>
> If unsigned mail from domains with open policies is treated
> any better on the basis that the policy exists, then bad actors
> will search for open policies in order to select the value for a
> falsified From header.
>
> Searching for a policy statement may have a significant cost and
> bad actors can select messages so as to maximise this cost in
> an attempt at DoS.
>
> Policy statements inherently expose information about the domain
> to which the policy is intended to apply. Bad actors can use
> this information to select values for inclusion in messages."
>
> I think (not that confidently mind you) that those statements
> are correct, and if so, could imagine a wordsmithed version
> ending up in the threats draft. Be interested in what others
> think.

Jim could copy it as is to his draft, I like it, no further
wordsmithing needed.

Bye, Frank

_______________________________________________
ietf-dkim mailing list
http://dkim.org