W3C home > Mailing lists > Public > public-usable-authentication@w3.org > June 2006

Re: Why SPF and DK are not being used

From: James A. Donald <jamesd@echeque.com>
Date: Tue, 20 Jun 2006 20:25:09 +1000
Message-ID: <4497CD05.6050000@echeque.com>
To: "Hallam-Baker, Phillip" <pbaker@verisign.com>
CC: public-usable-authentication@w3.org

     --
James A. Donald
 > > Negative consequences are hard to impose across the
 > > net.

Hallam-Baker, Phillip:
 > True, but this has never been the part that has
 > worried me personally. There seem to be plenty of folk
 > willing to do consequences, probably too many.

I don't think so:

	We're public guardians bold yet wary
	And of ourselves we take good care
	To risk our precious lives we're chary
	When danger threatens we're not there
	But when we see a helpless woman
	Or little boys who do no harm…
	We run them in, we run them in
	We run them in, we run them in
	To show them we're the bold gendarmes

	When young men like to make a riot
	And punch each other’s heads at night
	We are disposed to keep it quiet
	Provided that they make it right
	But if they do not seem to see it
	Or give to us our proper alms…
	We run them in, we run them in
	We run them in, we run them in
	To show them we're the bold gendarmes

	Sometimes our duty’s extramural
	Then little butterflies we chase
	We like to gambol in things rural
	Commune with nature face to face
	But when we go back to our duties
	Refreshed by Nature’s holy charms…
	We run them in, we run them in
	We run them in, we run them in
	To show them we're the bold gendarmes

By and large, courts have worked for the spammers rather
than the spammed.

 > Lets get the criminal spammers first, then work on
 > consequences. I think that DKIM helps target the
 > consequences much better, it is possible to identify
 > the manager responsible for the spam run, it is
 > possible to measure reputation in real time.

DKIM does not identify the manager responsible.  It
identifies the domain name responsible, and the most
effectual remedy is to black list  the domain name.

And right now I have no usable sofware that will
blacklist and whitelist authenticated email on the basis
of the proven originating domain.

James A. Donald:
 > > Much of the time we are not really interested in
 > > ascertaining true names.

Hallam-Baker, Phillip:
 > That is a byproduct. The intention of the Class3
 > authentication process is to ensure a high degree of
 > probability of identifying the perp who applied for a
 > cert.

Right now no one gets CA certificates for their mail.
If you make it harder to get certificates, even fewer
would get certificates, were it possible for the number
to drop below zero.  Class three certificates are a wet
dream of certification authority accountants.

     --digsig
          James A. Donald
      6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
      cD42agYS5ZgdTl3MJ+xmSYJ5OQXcbOOlmn1GuGul
      4qZAcX8QKv5ybQx0Gdm8jcdMGn0US3Bd5Kw+EmJvk
Received on Tuesday, 20 June 2006 10:25:06 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 19:53:15 UTC