[ietf-dkim] Should DKIM drop SSP?

[Douglas Otis]

On Oct 26, 2005, at 3:32 PM, Scott Kitterman wrote:

> No we should not.
>
> Is there anything in this line of reasoning that isn't duplicative  
> of the last
> time we went through your view on this in August?

At that time, if I recall, the problem was related to shared systems  
and possible unfair accrual of reputation based upon the email- 
address.  This issue was left open.  Since then, SSP has become more  
disruptive of typical email use.  Unfortunately such disruption by  
SSP is _required_ before benefits are derived with respect to  
repudiating invalid messages.  Such disruption would not occur when a  
relationship to the email message transport is used as the basis of  
the policy, rather than the author.

Risks to valid messages associated with these policies and a lack of  
a defensive strategy remain the greatest risks to a successful  
outcome.  There are several that see From email-address authorization  
mechanisms as the means for abating spam. I see this as a dead-horse,  
but this aspiration has remained constant and seems to accompany a  
willingness to inflict significant damage upon the email transport.

As you do not want SSP to drop policies related to the From header,  
what are the trade-offs being made when SSP policies are applied in a  
manner that allows repudiation of messages from Bad Actors?

Can you acknowledge the trade-off and defend this choice?

-Doug