[ietf-dkim] SSP = FAILURE DETECTION
hsantos at santronics.com
Fri Sep 8 12:34:33 PDT 2006
----- Original Message -----
From: "Steve Atkins" <steve at blighty.com>
>> What's the purpose?
> The purpose is that the recipient knows who is responsible
> for the mail.
And you honestly believe there is no product liabilities here? I really
don't care who is responsible as long as it's not me for incorrectly passing
on potentially harmful mail to users. That is not my business. However,
what I am interested in is eliminating the non-compliant transactions!!
> If the signature is good, then the recipient can A) send
> feedback to the right place and B) use the senders reputation
> to make decisions about delivery
But where was the acceptance criteria in the first place? That it passed
the DKIM test?
> If the mail is unsigned then we're at status-quo.
I disagree (and so does SSP, DSAP, etc). Absolutely not. It is no longer a
Legacy Mail operation once DKIM is a presumed default behavior. I see
product liability issues such as neglect and malpractice if a user was
harmed because a protected domain was passed as an unsigned MAIL by a
DKIM-READY receiver to her end-users.
Sorry. I am not ready to take on that product liability.
> That's it.
If it was really that simple.
> SSP is a different matter. The cynic in me says that the
> sole purpose of SSP is to affect the deployment of DKIM.
That's funny because one would naturally think it is the other way around.
SSP would have been done a long time ago if it wasn't original proof of
concept by a group promoting a concept that is written in stone to be out of
This is our product installation and usage opinion:
As I mentioned to you last year, you would be better off not even supporting
DKIM because you risk harm to your mail broadcasting business (domains) when
receivers begin to see the increased abuse but this time, an abuse with odd
and strange "DKIM" fingerprints.
By supporting DKIM, you are in a new non-legacy mail transaction
considerations. You have evolved to a new level of expectation where
NON-COMPLIANCY and FAILURE will not be tolerated.
The mail market is already plagued with a multi-billion industry wide abusive
spam problem primarily based on the exploitation of a legacy mode of
Without a doubt, the direction is to be proactive and pre-emptive which
means there is a HUGE payoff by eliminating the bad as soon as possible in
the transport process. The obvious dissemination is among the extremely high
rate of malicious transactions. Unfortunately, this was not really possible
in the legacy market - hence the world-wide problem.
What was missing is moving the mail transaction into a new level of
expectations where new strict TRANSPORT and/or PAYLOAD rules can apply.
Once you step up to DKIM, you are now putting on a brand new suit where you
better tie the bow right, put the socks and suspenders on correctly.
So no, it is not a status quo. There are new rules, new legal mode of mail
DKIM processing is not cheap and anyone who says it's a "plug and play"
solution simply doesn't know what they are talking about. There is a big
investment and any "overview" who says otherwise is simply not correct.
But for the majority of the world market encompassing mostly SMB, for a wide
adoption to accept DKIM processing, there has to be a payoff and looking
only for the GOOD needle in the haystack simply isn't going to cut it in the
Finally, let's not forget DKIM needs to fit into a framework on current
solutions. Most people are not going to eliminate these working solutions
for a vague idea based on DKIM-BASE that promoters are having a hell of a
time selling to anyone now.
Hector Santos, Santronics Software, Inc.