[ietf-dkim] A few SSP axioms
Bill.Oxley at cox.com
Bill.Oxley at cox.com
Mon Jul 31 18:34:31 PDT 2006
As long as we all remember that bad actors can get a domain, populate
dkim keys and ssp then send spam until they are noticed and shutdown.
Policy will be by the receiver that a message that fails dkim/ssp is
flagged for a closer examination than a message that passes both dkim
and ssp but all mail will continue to be scrutinized.
Thanks,
Bill Oxley
Messaging Engineer
Cox Communications, Inc.
Alpharetta GA
404-847-6397
bill.oxley at cox.com
-----Original Message-----
From: ietf-dkim-bounces at mipassoc.org
[mailto:ietf-dkim-bounces at mipassoc.org] On Behalf Of John Levine
Sent: Monday, July 31, 2006 9:23 PM
To: ietf-dkim at mipassoc.org
Cc: ietf-dkim at kitterman.com
Subject: Re: [ietf-dkim] A few SSP axioms
>I think this is the key issue then and we ought to focus on it. In
>my view almost the entire point of a signing policy is constraining
>whose signatures are considere authorized by the domain owner.
I'm assuming that when you say authorized, you mean authoritative.
(English definitely has its shortcomings.)
A few scenarios:
Message from domain A, signed by A; does SSP matter at all?
Message from A, signed by B; A's SSP says B signs all its mail
Message from A, signed by A and B; does SSP matter? (I hope not.)
Message from A, signed by C; SSP says nothing about C.
R's,
John
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
More information about the ietf-dkim
mailing list