[ietf-dkim] draft-ietf-dkim-ssp-02.txt Discardable/Exclusive
Steve Atkins
steve at blighty.com
Fri Feb 8 19:11:00 PST 2008
On Feb 8, 2008, at 6:13 PM, Michael Thomas wrote:
> Wietse Venema wrote:
>> MH Michael Hammer (5304):
>>> Is DKIM checking sufficient in itself without SSP? How might DKIM-
>>> SSP
>>> help receivers (the 3 aforementioned as well as others) leverage
>>> their
>>> evaluation of received email whether signed (valid or not) or
>>> unsigned?
>> "known to be good" whitelisting can be done with DKIM-BASE alone.
>> SSP etc. is about the ABSENCE of valid signatures, and can help to
>> strengthen the "known to be good" whitelisting process.
>
> You've said this several times, but I don't think that's the range
> of all possibilities. Ag.com is a pretty good example of somebody
> that I as a receiver don't know but if they're willing to say
> "discard this if it's not signed", all other things being equal
> why wouldn't I?
Because a noticeable chunk of what you'd be discarding would be
legitimate mail that your users wanted. If an ISP pays more attention
to what senders want than what their paying users want, they don't
deserve to be in the business.
The driving factor for receivers is delivering mail that their users
want, and not delivering mail that their users object to.
That is at direct odds to the design of SSP (which is to not deliver
some small fraction of email both legitimate and otherwise).
> In any case, this is pretty squarely into the secret sauce of
> receiver filter logic, so I'm not sure what the point is about
> needing agreement; filters are certainly allowed to be more
> cautious which is how I read you.
Cheers,
Steve
More information about the ietf-dkim
mailing list