1: 1 (was RE: [ietf-dkim] Re: ISSUE 1525 -- Restriction to posting
by firstAuthorbreaks email semantics)
Jim Fenton
fenton at cisco.com
Wed Jan 16 22:24:49 PST 2008
John L wrote:
>>> How does an SSP-like protocol do that? Assertions like "I am a phish
>>> target" don't do it.
>>
>> Why not?
>
> Because you (the generic you, whoever publishes SSP) aren't credible
> short of some reputation system which would make SSP irrelevant anyway.
Depends on the nature of the assertion. If the assertion is "I'm a good
guy" or "I send virus-free messages" the receiver isn't likely to
believe me. If the assertion is "Be very careful about messages coming
from my domain", why shouldn't the receiver pay attention to that?
>
> It's fine to make statements about your own practices, like "I sign
> everything" or "All of my mail is composed in iambic pentameter" since
> that reflects things you have control over. Claiming you're a phish
> target is making assertions about the behaviors of zillions of other
> senders who you don't even know.
With respect to a domain likely to use SSP (such as a domain used only
for transactional messages), who are these zillions of other senders,
and why should that domain be concerned about them?
-Jim
More information about the ietf-dkim
mailing list