1: 1 (was RE: [ietf-dkim] Re: ISSUE 1525 -- Restriction to posting
by firstAuthorbreaks email semantics)
Jim Fenton
fenton at cisco.com
Thu Jan 17 09:26:53 PST 2008
John L wrote:
>> Depends on the nature of the assertion. If the assertion is "I'm a
>> good guy" or "I send virus-free messages" the receiver isn't likely
>> to believe me. If the assertion is "Be very careful about messages
>> coming from my domain", why shouldn't the receiver pay attention to
>> that?
>
> Because, as I said in my previous message, you are making assertions
> about the behavior of people you don't know or control.
>
>> With respect to a domain likely to use SSP (such as a domain used
>> only for transactional messages), who are these zillions of other
>> senders, and why should that domain be concerned about them?
>
> I was under the impression that SSP was intended to deter unrelated
> senders from sending mail with your domain in the From: line, on the
> theory that such messages might be forgeries. Are you saying it's for
> something else?
Oh, you mean that I might assert "I'm a phishing target" when in fact
I'm not. In any case, nobody is proposing that assertion (nor the
iambic pentameter one, either). My point is that there are different
sorts of assertions: those suggesting that the receiver apply more
scrutiny to messages from my domain are likely to be believable even if
self-asserted, and those suggesting that the sender is a good guy are
only useful if coming from an accreditor or reputation system the
receiver trusts.
-Jim
More information about the ietf-dkim
mailing list