- From: Amir Herzberg <amir.herzberg@gmail.com>
- Date: Mon, 19 Jun 2006 08:47:55 +0300
- To: "James A. Donald" <jamesd@echeque.com>, public-usable-authentication@w3.org
James A. Donald wrote: > Amir Herzberg wrote: > > I agree on the importance of reputation and/or penalty > > mechanisms (that's where most of my work in this area > > is). However, I think you are a bit carrying it too > > far. DKIM, and even SPF, allow organizations to use > > whitelisting; that's already valuable (and of course, > > it is also a basic reputation system, so you are not > > wrong > > Yes, but I cannot usefully whitelist senders of > authenticated messages either, which means no one has > much incentive to authenticate their mail. Why can't you whitelist regular correspondents with DKIM and SPF? The whitelisting may fail - when DKIM fails due to mangling (e.g. mailinglists), or when SPF mail is forwarded. But for many messages this won't happen and whitelisting will work, reducing false positives (and saving cycles). A significant fraction of email senders already use SPF and/or DKIM; I should expect filtering tools to start taking advantage of it for whitelisting. It is, imho, still too early in the deployment process, to say that receivers will not use DKIM and SPF for whitelisting. The problem will remain with non-whitelisted, new correspondents. Reputation, accreditation and penalty mechanisms should help there, and I think that's the next goal. And these mechanisms should work as `automated whitelisting` - don't apply content filtering to email with appropriate reputation/accreditation/penalty credentials. But I wonder (again) if these subjects are appropriate to this list or should move to a different forum. Best, Amir Herzberg
Received on Monday, 19 June 2006 05:48:54 UTC