Re: Why SPF and DK are not being used

James A. Donald wrote:
> Amir Herzberg wrote:
> > I agree on the importance of reputation and/or penalty
> > mechanisms (that's where most of my work in this area
> > is). However, I think you are a bit carrying it too
> > far. DKIM, and even SPF, allow organizations to use
> > whitelisting; that's already valuable (and of course,
> > it is also a basic reputation system, so you are not
> > wrong
>
> Yes, but I cannot usefully whitelist senders of
> authenticated messages either, which means no one has
> much incentive to authenticate their mail.
Why can't you whitelist regular correspondents with DKIM and SPF? The 
whitelisting may fail - when DKIM fails due to mangling (e.g. 
mailinglists), or when SPF mail is forwarded. But for many messages this 
won't happen and whitelisting will work, reducing false positives (and 
saving cycles). A significant fraction of email senders already use SPF 
and/or DKIM; I should expect filtering tools to start taking advantage 
of it for whitelisting. It is, imho, still too early in the deployment 
process, to say that receivers will not use DKIM and SPF for whitelisting.

The problem will remain with non-whitelisted, new correspondents. 
Reputation, accreditation and penalty mechanisms should help there, and 
I think that's the next goal. And these mechanisms should work as 
`automated whitelisting` - don't apply content filtering to email with 
appropriate reputation/accreditation/penalty credentials.

But I wonder (again) if these subjects are appropriate to this list or 
should move to a different forum.

Best, Amir Herzberg

Received on Monday, 19 June 2006 05:48:54 UTC