ietf-dkim

[ietf-dkim] Re: Responsibility concerns with DesignatedSigning Domains

2006-08-27 05:27:21
Damon wrote:

> How is this any different than what we are doing with
> reputation systems based on IP right now?

Maybe I'm only confused.  But apparently we have two groups
here, some interested in "DKIM pure" without SSP, and others
interested in DKIM + SSP.

A "DKIM pure" signer talking with an "SSP aware" verifier (or
vice versa) should still work, no matter what the SSP of the
2822-From domain says.

> If I were a less than honorable person, I would send all my
> spam using someone with a good reputation (goodrep.com) as my
> DSD. My sig fails because I purposely munged it, there is no
> policy saying that this should definitely be rejected.
> Because goodrep.com can not publish all of the domains that
> it signs for, it is helpless to do anything about this.

Yes.  In theory goodrep can check your SSP, but a "DKIM pure"
signer might not like this.  Somebody proposed off list, that
goodrep should have a list of 2822-From domains it signs.  I'm
not sure about this, is it acceptable for "DKIM pure" signers ?

There is no procedure in 4409 for "check the 2822-From", it
only offers a "MAY add Sender" option.  Should signers "know"
what they are signing - beyond their "normal" authentication ?
The "MAY add Sender" option is already far from "normal", as
far as I can judge it (i.e. based on about five MSAs :-)

Frank


_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
