[ietf-dkim] Re: Some concerns with SSP impact on very
small businesses
Jim Fenton
fenton at cisco.com
Wed Jan 9 07:28:46 PST 2008
Frank Ellermann wrote:
> Jim Fenton wrote:
>
>
>> We need to make every effort to make everyone know that publishing
>> 'all' or (particularly) 'strict' is not something that is done
>> lightly.
>>
>
> +1
>
> It is similar for publishing PRA FAIL and SPF FAIL, so you are
> not forced to start this education from scratch. In a nutshell
> policies allowing efficient identification of *suspicious* mails
> will cut both ways, and limit some uses possible without such
> policies.
>
Unfortunately, I see efforts to encourage publication of SPF/SenderID
-all records without explaining all the implications of that so the
"education" being done there may not exactly be helpful.
>> I know of tools that are under development to help domain owners
>> know from where mail from their domains is being sent, and
>> hopefully this will raise awareness too.
>>
>
> It's possible to use the SPF and PRA "exists" mechanism to figure
> this out, but for SSP with its "first author" you'd miss exactly
> the interesting cases (for SSP) if you log Mail From or PRA uses.
>
I'm not sure I understand exactly what you're getting at, but if you
mean that the definition of author/responsible/From domain is different
in SPF, PRA, and SSP, that's true, and if the tool doesn't take that
into account, it might miss some interesting cases.
-Jim
More information about the ietf-dkim
mailing list