On 02/05/05, Douglas Otis <dotis@mail-abuse.org> wrote:
On Sat, 2005-02-05 at 19:10, J.D. Falk wrote:
On 02/05/05, Douglas Otis <dotis@mail-abuse.org> wrote:
DK or IIM makes it clear who is administering the server and this authentication permits reputation assessment. Add an account identifier, and the problem is nailed.
Ah, so you're saying that only the reputation of individual e-mail addresses is worth paying attention to? How do you expect that to scale to billions of messages per day?
Without authenticating an identity, it must not be used in a reputation assessment. Currently this is commonly done by using the remote IP address authenticated through the action of transport. In the name space there are two options, the HELO and a validated signature. DK and IIM are attempting to allow the signature solution to scale.
Heh, you don't need to convince me that DomainKeys is a good idea. I just don't see how you're jumping from the issue of end-user authentication (which is not free from zombies, as others have explained already) to domain-level reputation. Where's the link? If you're talking about adding user-level signatures to something like DomainKeys (which we already have in s/mime), how do you propose to scale that to interact with the reputation determination for billions of messages per day? -- J.D. Falk uncertainty is only a virtue <jdfalk@cybernothing.org> when you don't know the answer yet