- From: James A. Donald <jamesd@echeque.com>
- Date: Tue, 20 Jun 2006 20:53:52 +1000
- To: Amir Herzberg <amir.herzberg@gmail.com>
- CC: public-usable-authentication@w3.org
--
Amir Herzberg wrote:
> Why can't you whitelist regular correspondents with
> DKIM and SPF? The whitelisting may fail - when DKIM
> fails due to mangling (e.g. mailinglists), or when SPF
> mail is forwarded. But for many messages this won't
> happen and whitelisting will work, reducing false
> positives (and saving cycles). A significant fraction
> of email senders already use SPF and/or DKIM; I should
> expect filtering tools to start taking advantage of it
> for whitelisting.
They should, but as yet, they don't.
> It is, imho, still too early in the deployment
> process, to say that receivers will not use DKIM and
> SPF for whitelisting.
The intended model, the conduct recommended by the
advocates of DK and SPF, is that we discriminate against
unauthenticated mail, and in favor of authenticated
mail. But there seems no good reason to do this. The
spammers are early adopters of authentication. It does
not matter much if mail is authenticated. What matters
is *who* it is authenticated as coming from, not whether
it is authenticated as coming from someone, but whether
it is authenticated as coming from someone who we
suppose is worth paying attention to.
> But I wonder (again) if these subjects are appropriate
> to this list or should move to a different forum.
Well the title of this list is "public usable
authentication"
I assumed that it was for discussing authentication
technologies that are or might come to be used by the
general public. Am I wrong?
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
ZtWnc5DEhgnP8+Yufl2jE7IOqwoee+JWBDBtlxLD
4loSVGriDho698TuWPC3cuJW9qpOJwZbYCSHatrZc
Received on Tuesday, 20 June 2006 10:54:03 UTC