[ietf-dkim] Should DKIM drop SSP?
dotis at mail-abuse.org
Wed Oct 26 16:24:32 PDT 2005
On Oct 26, 2005, at 3:32 PM, Scott Kitterman wrote:
> No we should not.
> Is there anything in this line of reasoning that isn't duplicative
> of the last
> time we went through your view on this in August?
At that time, if I recall, the problem was related to shared systems
and possible unfair accrual of reputation based upon the email-
address. This issue was left open. Since then, SSP has become more
disruptive of typical email use. Unfortunately such disruption by
SSP is _required_ before benefits are derived with respect to
repudiating invalid messages. Such disruption would not occur when a
relationship to the email message transport is used as the basis of
the policy, rather than the author.
Risks to valid messages associated with these policies and a lack of
a defensive strategy remain the greatest risks to a successful
outcome. There are several that see From email-address authorization
mechanisms as the means for abating spam. I see this as a dead-horse,
but this aspiration has remained constant and seems to accompany a
willingness to inflict significant damage upon the email transport.
As you do not want SSP to drop policies related to the From header,
what are the trade-offs being made when SSP policies are applied in a
manner that allows repudiation of messages from Bad Actors?
Can you acknowledge the trade-off and defend this choice?
More information about the ietf-dkim