[ietf-dkim] user level ssp

Steve Atkins steve at blighty.com
Thu Sep 7 13:31:56 PDT 2006


On Sep 7, 2006, at 12:54 PM, Hallam-Baker, Phillip wrote:

>
>> [mailto:ietf-dkim-bounces at mipassoc.org] On Behalf Of Steve Atkins
>
>> On Sep 7, 2006, at 12:28 PM, Hallam-Baker, Phillip wrote:
>>
>>>
>>>> [mailto:ietf-dkim-bounces at mipassoc.org] On Behalf Of John Levine
>>>
>>> Mostly +1
>>>
>>> But there could be utility in the sender saying 'My email is at very
>>> serious risk of being impersonated'.
>>
>> What is that utility? Please expand on what behaviour you
>> expect from the recipient and how that will differ from the
>> case where the sender does not say that.
>
> If I know that you are a self declared target of phishing and that  
> the consequences of letting a phish go through are considerably  
> more serious than a random impersonation spam I can adjust my spam  
> filters accordingly.
>
> In particular I would expect to filter out ALL mail automatically  
> in the case that ALL the following apply:
>
>   * The sender ALWAYS signs
>   * The sender declares themselves to be at risk of phishing attack
>   * The content is HTML
>   * There are URIs in the body of the text message
>   * The message has not been forwarded by a previously noted  
> intermediary.

How does that differ from the case where:

   * The sender ALWAYS signs
   * The content is HTML
   * There are URIs in the body of the text message
   * The message has not been forwarded by a previously noted
     intermediary.

I guess that the real question is what's the difference between
"I always sign" and "I always sign and I get phished"?

The impression I'm getting, from several people, is that "I always sign"
is already being written off as likely to be ignored by recipients and
that there needs to be a "No, I really mean it!" modifier?

Cheers,
   Steve


