On Fri, Nov 11, 2005 at 11:08:35AM -0600, Earl Hood allegedly wrote:
On November 9, 2005 at 20:42, Scott Kitterman wrote:
No matter what you do with hueristics, you are only modulating an approach
that will only ever be so good. What we need is more deterministic
and less dependence on heuristics.
I think most will agree with this, but such solutions must be weighed
against the risk of legitimate email practices. As I view SSP now,
it will only have any real use for select domains where restrictive
email policies is justified,
Right. Though to underestimate the relevance of such "select" domains
would be a mistake. Just today Bank Of America made an announcement to
the effect that DKIM with SSP is very important to them. We get the
same message from many of these "select" domains. As a large provider
we will be actively encouraging those that can adopt a strict SSP, to
do so, so that we can oblige their protection needs.
That they are "select", as you put it, actually makes it easier to
semi-manually identify such domains prior to real reputation systems.
As you point out, there is certainly a large middle ground where SSP
will be of little value - I suspect the SSP for most large ISPs will
not add much value. However a lot of corporates already insist on
in-administration sending and a lot of very small personal-use domains
(such as my own) are well capable of advertising a strict SSP.
Having said all of that, I am at a complete loss as to much of this
debate. If SSP isn't formalized in this group then you can be certain
that bi-lateral or non-standard forms will emerge in parallel to
DKIM. Those "select" domain - and we large service providers - view
this component as too integral to authentication to forgo.
I for one, would very much prefer that work to say within DKIM, but if
the consensus is that it adds no value or is detrimental, then we
should make that decision and move on so others can do that work.
ietf-dkim mailing list