This one time, at band camp, Marco d'Itri said: > On Oct 04, Stephen Gran <[EMAIL PROTECTED]> wrote: > > > Does signing a mail tell me something about the origin that the IP layer > > doesn't already tell me much more cheaply? > You are missing the point: maintaining reputation data associated to IP > addresses is not cheap at all nor very reliable, because IP addresses > tend to change and mail to be forwarded. > DK/DKIM (and partially SPF) solve these problems by allowing receivers > to reliably associate reputation data to domains instead of IP addresses.
So, if only the entire internet would change how they handle mail and participate in $pet_scheme, we could do something about email problems? I refer you to the FUSSP. > BTW, this means that there is no point in signing lists.debian.org mail > traffic unless the listmasters are aware of requests for this by large > mail receivers. > Since lists.debian.org is not routinely forged nor it is a phish target > there is also no point in signing it to "prevent forgeries" (nobody > relevant associates negative reputation to a missing DKIM signature). > Since currently these two are the only practical uses of SPF/DK/DKIM I > argue that signing lists.debian.org mail is not needed. > > > I'm personally not all that impressed with any of the sender > > verification schemes - so far they all seem to be set up to allow bulk > > senders to pretend they're not just spammers with nicer suits. > There is a huge number of bulk senders which are not spammers. If this > is not clear to you then you should not be allowed close to important > mail servers. There are, in my experience, very few bulk senders that don't harbor spammers. I know that that's not how they sell themselves, but that doesn't change reality. Again, please see the FUSSP for details. -- ----------------------------------------------------------------- | ,''`. Stephen Gran | | : :' : [EMAIL PROTECTED] | | `. `' Debian user, admin, and developer | | `- http://www.debian.org | -----------------------------------------------------------------
signature.asc
Description: Digital signature
