[ietf-dkim] SSP = FAILURE DETECTION
dotis at mail-abuse.org
Mon Sep 11 10:22:28 PDT 2006
On Sep 11, 2006, at 8:04 AM, Thomas A. Fine wrote:
> With SSP, I can only receive mail that looks ALMOST like it is from
> one of my orgs. This is huge. This gives the user layer the
> ability to quickly, accurately, and precisely differentiate between
> fake and real messages. That's what SSP accomplishes.
When a strong email-address policy assertion that disrupts the use of
common services might block exact spoofs. SSP does not differentiate
> As far as what happens in the user layer, no specification can
> control that. We can certainly predict that a significant number
> of people will still fall for look-alike domains.
An association with a retrained email-address will curtail look-alike
attacks and clarify which messages are "real." For this, the signing
domain must offer an assurance that the email-address is valid as well.
> But this is vastly different than people falling for the exact
> valid email address they were expecting.
Deploying just this mechanism will likely provide a minor impact upon
the spoofing success rate. It may however have a major impact upon
the delivery rate of valid messages.
> What are we here for if we aren't here to fix that?
To offer a comprehensive solution that offers genuine protection
without impairing email delivery.
More information about the ietf-dkim