Hi Rob, Donald,
At 01:40 PM 02-04-2025, Rob Sayre wrote:
The fact that the different technologies make different tradeoffs
doesn't seem too interesting. Otherwise, we would only have one way.
At IETF 122, Pete Resnick made the point that there is a tradeoff
between security and deliverability, at least for now. You have to
do some of those things in the IANA registry for deliverability.
Rob mentioned deliverability. That's a good way to look at the
question in my opinion. My experience of what people refer to as
DKIM is that some mail providers recommend that the sender uses DKIM
for the receiver to deliver the email. There is a perception that
the email will end up in the recipient's inbox. What happens in
practice is that the email sometimes end up in the recipient's junk
box. The decision taken by the recipient's provider has nothing to
do with security.
Here's the results of a DKIM evaluation of an email:
dkim=fail reason="signature verification failed" (2048-bit key)
header.d=outlook.com header.i=@outlook.com header.b=AOFaZH2A
The email was sent from a server hosted on a network operated by
Microsoft over SMTP using the TLS_AES_256_GCM_SHA384 cipher. A
"dkim=pass" would not have told me much as I can tell by glancing at
the email that it is a special offer (some people call it spam). An
operator would have a cookbook to filter those special offers. I
would not list the cookbook under security considerations.
I don't use the things listed in that (header field) IANA registry
for deliverability.
Regards,
S. Moonesamy
--
last-call mailing list -- last-call@xxxxxxxx
To unsubscribe send an email to last-call-leave@xxxxxxxx
