[ietf-dkim] SSP sender expectations
hsantos at santronics.com
Tue Dec 4 05:54:33 PST 2007
Patrick Peterson wrote:
> Not to speak for Scott K but I do not believe he was saying senders
> expected certainty about internal filtering. SSP explicitly says this is
> not the case.
> Here's my spin:
> As a sender the ability for me to state my desired (NOT DICTATED)
> receiver policy increases the likelihood that this policy will be
> considered and honored.
> Senders that cannot state a desired (NOT DICTATED) receiver policy are
> guaranteed such a policy will not be considered nor honored.
> I desire a SSP that allows senders to state strict/deny. I care not a
> whit what others do with such a policy but I feel it is beneficial
> because senders want to state such policies and I can build a better
> receiving system that takes it into account. Why should this be withheld
> from the Internet because others think it's not useful for them?
+1. It really can't be that simple? Could it? I mean, why would I
bother to the extremes of processing a DKIM header/body if the end
result is indeterminate? Its like getting a gun without bullets!
Mr. Levine is correct about one thing - SSP has been made overly complex
to the point it is pretty a sure bet it is guaranteed to fail (not pass
In theory, there is two fundamental ideas here:
- You sign, you expect me to check, you get judged!
- if you don't sign, and you want me to check a policy
and find that you were supposed too, you get judged!
But once you watered it down, then you begin to reduce the payoff and
worth of the system. It becomes only beneficial in specialized
operations with a high potential of abuse outside that specialization.
PS: SSP does not dictate receiver behavior :)
and the irony is that raw DKIM *does* dictate receive behavior!
The Receiver either processes DKIM or it doesn't. But if it does, there
is a militant inherent policy of "Ignore if Failure." Forget that it
was ever signed.
IMO, this inherent DKIM policy defies logic and this makes SSP even
harder to work out. It is the #1 flaw of the system and in my book,
possibly the ultimate consideration if DKIM will become widely adopted
or not. It policy, done to appease the mailing list people, will
continue to be a thorn on DKIM's side until it is resolved or addressed
by some means.
Hector Santos, CTO
More information about the ietf-dkim