John Levine wrote:
However, anyone can write "Gordon Peterson <gep2 at terabites.com>" on that box's return address field. Do we really want that to be signed?Signed by KioskCo? Of course.
Hm.. I'm not much into DKIM. It technically allows to sign false identities, but doesn't (or shouldn't) it semantically imply that the signers must have some (possibly small but still positive) degree of trust that what they sign is correct? In that case the question is whether KioskCo would really want to sign that, and publish their slyness in their policy.
My point was that if all of KisokCo's kiosks apply the same signature, that will be a large enough mailstream that recipients can form an opinion of how good it is, even though the stream from each individual kiosk would be too small.
Although a critical mass is a common requirement of most anti-spam measures, requiring some kind of threshold for each single sender is more of a weakness.
_______________________________________________ Asrg mailing list Asrg at irtf.org http://www.irtf.org/mailman/listinfo/asrg