W3C home > Mailing lists > Public > public-usable-authentication@w3.org > June 2006

Re: Why SPF and DK are not being used

From: James A. Donald <jamesd@echeque.com>
Date: Mon, 19 Jun 2006 11:23:57 +1000
Message-ID: <4495FCAD.2060104@echeque.com>
To: Amir Herzberg <amir.herzberg@gmail.com>
CC: public-usable-authentication@w3.org, pbaker@verisign.com

     --
James A. Donald:
 > >     Authentication without reputation management is
 > >     useless.  The purpose of authentication is to
 > >     support reputation management. DK and SPF are
 > >     attempting to walk around on one leg.

Amir Herzberg wrote:
 > I agree on the importance of reputation and/or penalty
 > mechanisms (that's where most of my work in this area
 > is). However, I think you are a bit carrying it too
 > far. DKIM, and even SPF, allow organizations to use
 > whitelisting; that's already valuable (and of course,
 > it is also a basic reputation system, so you are not
 > wrong

Yes, but I cannot usefully whitelist senders of
authenticated messages either, which means no one has
much incentive to authenticate their mail.

In a previous post, Hallam-Baker, Phillip wrote
: :	This is why we began circulating the VeriFied
: :	Domains List which has over 100,000
: :	authenticated domains listed on it.

If I could whitelist authenticated emails from domains
on his list, plus various random friends and relatives,
that would be useful to me.  If lots of people started
whitelisting, then suddenly domains would want to use DK
and SPF.

     --digsig
          James A. Donald
      6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
      VdTVET6A0Z/r3TptDMcvBKZlqs1Wlmedt6d6I20g
      4JuH0WpKw+myB69OShDYGfuvGN6Bg/6sPwkaBt/Qw
Received on Monday, 19 June 2006 01:24:03 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 19:53:15 UTC