W3C home > Mailing lists > Public > public-usable-authentication@w3.org > June 2006

Re: Why SPF and DK are not being used

From: James A. Donald <jamesd@echeque.com>
Date: Tue, 20 Jun 2006 20:53:52 +1000
Message-ID: <4497D3C0.6060607@echeque.com>
To: Amir Herzberg <amir.herzberg@gmail.com>
CC: public-usable-authentication@w3.org

Amir Herzberg wrote:
 > Why can't you whitelist regular correspondents with
 > DKIM and SPF? The whitelisting may fail - when DKIM
 > fails due to mangling (e.g. mailinglists), or when SPF
 > mail is forwarded. But for many messages this won't
 > happen and whitelisting will work, reducing false
 > positives (and saving cycles). A significant fraction
 > of email senders already use SPF and/or DKIM; I should
 > expect filtering tools to start taking advantage of it
 > for whitelisting.

They should, but as yet, they don't.

 > It is, imho, still too early in the deployment
 > process, to say that receivers will not use DKIM and
 > SPF for whitelisting.

The intended model, the conduct recommended by the
advocates of DK and SPF, is that we discriminate against
unauthenticated mail, and in favor of authenticated
mail.  But there seems no good reason to do this.  The
spammers are early adopters of authentication.  It does
not matter much if mail is authenticated.  What matters
is *who* it is authenticated as coming from, not whether
it is authenticated as coming from someone, but whether
it is authenticated as coming from someone who we
suppose is worth paying attention to.

 > But I wonder (again) if these subjects are appropriate
 > to this list or should move to a different forum.

Well the title of this list is "public usable

I assumed that it was for discussing authentication
technologies that are or might come to be used by the
general public.  Am I wrong?

          James A. Donald
Received on Tuesday, 20 June 2006 10:54:03 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 19:53:15 UTC