×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

FEEDBACK REQUESTED: DKIM Sender Signing Policy Use Cases

Unanswered Question
Oct 18th, 2006
User Badges:

IronPort Nation,

I'd like to update you on the status of the DKIM initiative:

The DKIM IETF draft is in pretty good shape. There have been several iterations over the course of the summer and the recent version seems to be pretty solid, with only minor changes expected moving forward. Go here for a view: http://www.neophilic.com/~eric/DKIM/draft-ietf-dkim-base-06a.html

The focus now has shifted to Sender Signing Policy (SSP). SSP communicates how senders sign their outgoing mail and how verifiers should access and interpret DKIM verification results. It will tell receivers what to do with unsigned mail or invalid signature mail.

The IETF needs Industry input and IronPort is currently surveying leading customers, including the IronPort Nation members.

Below are a few questions/uses cases that we envision, can you review and comment?



1. What would you like receivers to do with your signed, unsigned and invalid signature email today? Remember unsigned and invalid signature email will be mostly spoofing, but can be your sent email.

2. What will you want receivers to do in the distant future when your are fully deployed and any kinks are worked out?

3. What, if any, feedback would you like when an email claiming to be from your domain is received by another organization and is lacking a signature or has an invalid signature?

4. Are there domains your company is responsible for that you would like to indicate never send mail (in order to prevent abuse)?

5. What use cases exist that would cause you to communicate signing policy that impacted 3rd parties (Email Marketing Service Providers, 'evite'-related issues?

6. Are there other use cases that merit consideration?

Thanks,

Nick Edwards
IronPort Systems

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
nedwards_ironport Mon, 10/23/2006 - 04:01
User Badges:

I've received some great feedback from one customer via email, anyone else have any thoughts on these use cases?

Thanks,
Nick

MikeK_ironport Tue, 10/24/2006 - 18:00
User Badges:

1. What would you like receivers to do with your signed, unsigned and invalid signature email today? Remember unsigned and invalid signature email will be mostly spoofing, but can be your sent email.

Once we are signing our outbound mail, and we have verified that none of our vendors are using our domains, I would like receivers to:
SIGNED - Accept, and possibly treat with special preference
UNSIGNED - Accept, and notify via feedback loop of some kind
INVALID - Accept and notify via feedback loop of some kind

2. What will you want receivers to do in the distant future when your are fully deployed and any kinks are worked out?

SIGNED - Accept, and possibly treat with special preference
UNSIGNED - DROP, and notify via feedback loop of some kind
INVALID - DROP and notify via feedback loop of some kind


3. What, if any, feedback would you like when an email claiming to be from your domain is received by another organization and is lacking a signature or has an invalid signature?

I would like a feedback loop of some kind, either like AOL's or perhaps Hotmail's. Samples are important though...

4. Are there domains your company is responsible for that you would like to indicate never send mail (in order to prevent abuse)?

YES

Actions

This Discussion