[ietf-dkim] SSP = FAILURE DETECTION

Douglas Otis dotis at mail-abuse.org
Tue Sep 12 10:21:17 PDT 2006


On Sep 12, 2006, at 9:41 AM, Thomas A. Fine wrote:

> Without SSP, users have two opportunities for making mistakes in  
> verifying their mail.  They can fail to notice that it is unsigned,  
> or they can fail to notice that it is from a wrong domain.

SSP that blocks unsigned messages still offers a large opportunity to  
get this wrong.  Phish commonly avoid using the exact domain to avoid  
being filtered.  You are assuming visual examination of a domain is  
reliable, but it is not.  There are still too many being fooled to  
curtail this criminal activity.  The majority of users only see the  
Display name without additional clicks.  We are also entering an era  
where it is also likely that the character repertoire being used is  
unknown.

> With SSP, users only have to look for the wrong domain, because  
> they should never see the unsigned mail.

Unsigned email might be blocked unless the email-address domain wants  
access to common services, or wants reliable delivery, or the  
verifying domain does not block based upon this policy.  Will this  
blocking strategy lead to legal obligations of blocking these messages?

> Maybe someone who's an expert in human factors can relate this to  
> statistical decrease in errors by the user.  My feeling is that the  
> less a user has to worry about, the more likely they are going to  
> successfully examine their message and determine its origin.

Provide the user a strong trustworthy annotation that:
  a) the email-address within the message matches the one in their  
address-book,
  b) and that this email-address has been asserted valid with DKIM.

This strategy does not require providers to block any message,  
grandma to get out her magnifying glass, or junior to reconfigure  
grandma's client to use 14 point font, not display translated ACE  
labels or display names and to post next to her display terminal the  
exact spelling of her important transactional email domains.

-Doug
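The annotation strategy described in the message above (flag a sender only when the address is in the user's address book AND DKIM vouched for that address's domain), as an added example; this is not code from the original post, from the ietf-dkim working group, or from any DKIM implementation. It goes slightly beyond the text by also labelling the two failure modes the message mentions, look-alike domains carried as ACE (xn--) labels and address-book names stuffed into the Display name. Assumptions: a DKIM verifier has already run and recorded its result in an Authentication-Results header (a format standardized after this 2006 thread); the address book, the sample messages and the tiny confusables table are all constructed for illustration.

```python
"""Client-side sender annotation: address-book match + aligned DKIM pass (added example)."""
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed address book (hypothetical): saved address -> saved display name.
ADDRESS_BOOK = {
    "alerts@bank.example": "Example Bank Alerts",
}

# Illustrative subset of Cyrillic letters that render like Latin ones (assumption:
# a real client would use the full Unicode TR39 confusables data).
CONFUSABLES = str.maketrans({
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i",
})


def decode_ace(domain: str) -> str:
    """Render xn-- labels as the Unicode the user would see; plain ASCII is returned as-is."""
    try:
        return domain.encode("ascii").decode("idna")
    except UnicodeError:
        return domain


def skeleton(domain: str) -> str:
    """Fold confusable characters so a Cyrillic-'a' bank.example collapses onto bank.example."""
    return decode_ace(domain).lower().translate(CONFUSABLES)


def dkim_pass_domains(msg) -> set:
    """Signing domains (d=) the verifier reported as dkim=pass.
    Assumes an Authentication-Results header in RFC 8601 style, e.g.
    'mx.example; dkim=pass header.d=bank.example'."""
    found = set()
    for hdr in msg.get_all("Authentication-Results", []):
        for m in re.finditer(r"dkim=pass[^;]*?header\.d=([^\s;]+)", hdr):
            found.add(m.group(1).lower())
    return found


def aligned(addr_domain: str, signing_domain: str) -> bool:
    """d= must be the From domain itself or a parent of it (mail.bank.example under bank.example)."""
    return addr_domain == signing_domain or addr_domain.endswith("." + signing_domain)


def annotate(raw: str, book=ADDRESS_BOOK) -> str:
    """Return the annotation a client would show for one raw RFC 822 message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    _local, _, domain = addr.rpartition("@")
    if not domain:
        return "UNKNOWN"
    book_domains = {a.rpartition("@")[2] for a in book}
    if addr in book:
        # (a) the address is one the user saved, (b) DKIM vouched for that domain.
        if any(aligned(domain, d) for d in dkim_pass_domains(msg)):
            return "TRUSTED"
        return "KNOWN_SENDER_UNSIGNED"   # the case SSP blocking was meant to catch
    # Not in the book: is the domain merely pretending to be a saved one?
    if domain not in book_domains and skeleton(domain) in book_domains:
        return "LOOKALIKE_DOMAIN"
    # ... or is a saved name/address hiding in the Display name alone?
    shown = display.lower()
    if any(a in shown or book[a].lower() in shown for a in book):
        return "DISPLAY_NAME_SPOOF"
    return "UNKNOWN"


# Constructed samples. The look-alike domain is built from Cyrillic 'а' and
# converted to its ACE form by the stdlib idna codec, as a phisher's MTA would send it.
LOOKALIKE_DOMAIN = "b\u0430nk.example".encode("idna").decode("ascii")

SAMPLES = {
    "trusted": ("From: Example Bank Alerts <alerts@bank.example>\n"
                "Authentication-Results: mx.example; dkim=pass header.d=bank.example\n"
                "Subject: statement\n\nbody\n"),
    "unsigned": "From: Example Bank Alerts <alerts@bank.example>\nSubject: statement\n\nbody\n",
    "lookalike": (f"From: Example Bank Alerts <alerts@{LOOKALIKE_DOMAIN}>\n"
                  f"Authentication-Results: mx.example; dkim=pass header.d={LOOKALIKE_DOMAIN}\n"
                  "\nbody\n"),
    "displayname": ("From: \"alerts@bank.example\" <x@free-mail.example>\n"
                    "Authentication-Results: mx.example; dkim=pass header.d=free-mail.example\n"
                    "\nbody\n"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:12s} -> {annotate(raw)}")
```

Note that the look-alike sample carries a perfectly valid DKIM pass for its own domain: signing does not make an address trustworthy, matching it against what the user already knows does, which is the point the annotation makes without blocking any mail.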