[ietf-dkim] Re: the more reliable signature fallacy
nobody at xyzzy.claranet.de
Thu Jan 24 07:39:14 PST 2008
Michael Thomas wrote:
> With SPF you had the lure of doing all of your work at the 2821
> layer. That is, reject things before you've read the message.
Receivers can read the DATA and still reject a "FAIL", for SSP,
SPF, and PRA. Better than the lure to accept mails on probation,
a receiver deciding that it's "likely" spam post-SMTP is trapped:
Bouncing is bad, but dropping is also bad (for false positives).
Bouncing is okay for an SPF PASS, re-enforcing the way how SMTP
was designed in RFC 821. On the other hand SSP is a new concept:
Many users won't like it if they can't use "their" From-address
in places where it used to be okay before SSP restricted it, and
other users might be also surprised if "resend" requires to keep
the DKIM-signature valid for an SSP-protected From-address.
I'd consider a MUA as broken if it breaks an existing signature
for resent mail, but I can't judge how realistic my expectation
is - for starters I never used a MUA supporting to resend mails.
> This seems a lot more sensible and prudent to me as you're not
> elevating SSP to Silver Bullet status which is always suspect.
When receivers drop false positives they might find themselves
looking for a "prudent and sensible" court of justice. No SSP
problem, rejecting "suspicious" (non-compliant) mails is okay.
More information about the ietf-dkim