----- Original Message -----
From: "Scott Kitterman" <ietf-dkim(_at_)kitterman(_dot_)com>
By the time you get to the MUA, IMO, the battle is over.
SSP is an MTA level tool to solve an MTA level problem. I'd
rather keep the users out of this entirely if possible (I know
it won't be possible, but it should be minimized).

Well, you do follow the top industry concerns.
In a recent survey (see InformationWeek, Sept 12, 2005) by Messaging
Security Market Trends 2005-2008, of the 115 companies surveyed:
- 66% struggle to provide adequate storage.
- 66% have inadequate email archiving.
- 40% say large attachments are taxing their system.
- 50% have internal compromised systems (employees w/ viruses).
- 50% reported employee-related problems (non-business work).
- 33% reported BANDWIDTH problems due to employees
oversubscribing to mailing lists and newsletters.
- 50% reported employees emailing confidential information.
The bottom line is two things:
1) Deterministic methods are required for preventive measures to
reduce the wasteful acceptance of mail that will no doubt be
exploited if DKIM SSP verification is relaxed, i.e. don't
depend on heuristic systems only.
2) Controlling the external usage of high-value domains by
employees and users. DKIM with SSP will help.
Hector Santos, Santronics Software, Inc.
ietf-dkim mailing list