[Asrg] where the message originated
Alessandro Vesely
vesely at tana.it
Mon Jan 12 04:44:53 PST 2009
John Levine wrote:
>
>>However, anyone can write "Gordon Peterson <gep2 at terabites.com>" on
>>that box's return address field. Do we really want that to be signed?
>
> Signed by KioskCo? Of course.
Hm.. I'm not much into DKIM. It technically allows to sign false
identities, but doesn't (or shouldn't) it semantically imply that the
signers must have some (possibly small but still positive) degree of
trust that what they sign is correct? In that case the question is
whether KioskCo would really want to sign that, and publish their
slyness in their policy.
> My point was that if all of KisokCo's kiosks apply the same signature,
> that will be a large enough mailstream that recipients can form an
> opinion of how good it is, even though the stream from each individual
> kiosk would be too small.
Although a critical mass is a common requirement of most anti-spam
measures, requiring some kind of threshold for each single sender is
more of a weakness.
More information about the Asrg
mailing list