[ietf-dkim] draft-ietf-dkim-ssp-02.txt Discardable/Exclusive
Steve Atkins
steve at blighty.com
Fri Feb 8 13:28:22 PST 2008
On Feb 8, 2008, at 1:19 PM, MH Michael Hammer (5304) wrote:
>
> I'm referring to mail that would be checked by DKIM against the From
> email address (not the pretty name). My bad for assuming the scope of
> the discussion was limited to what DKIM and DKIM-SSP can actually
> address. If that isn't the scope then we might as well say that
> asserting something in SSP doesn't stop people from speeding in
> automobiles. This isn't about silver bullets. DKIM addresses
> particular
> issues. If you prefer a constraining "where" clause then consider
> any of
> my comments on the list as constrained by "For those things addressed
> through the use of DKIM signing and DKIM-SSP.....". Having said that,
> there are receivers out there that do look for mismatches between From
> pretty name and email address or mismatched links in the body of the
> email. This is one of the reasons that we have structured our emails
> the
> way we have. If there were a mechanism that allowed me to
> automatically
> communicate this I would do a little jig. Instead I have one-on-one
> discussions with various receivers.
You can't say "receiver checking DKIM and/or SPF would stop 100%
of fraudulent emails" and then redefine "fraudulent emails" as "mails
stopped by receiver checking of DKIM and/or SPF".
DKIM+SSP will only ever stop a tiny fraction of "illegitimate" emails,
and pretending otherwise doesn't lead to an honest evaluation of the
benefits and drawbacks of it.
Cheers,
Steve
More information about the ietf-dkim
mailing list