ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] Re: SSP and DKIM, was Not exactly not a threat analysis

2005-08-23 17:47:59
I think we're in violent agreement.  I don't see anything
particularly wrong with SSP, but as far as I know it's still
just a paper design which makes it a poor candidate
for standardization at this point.

I can shed some light on that point. I've got thousands of domains using DKIM (that means with SSP) processing ALL EMAIL through SSP (except validly signed messages that match the FROM). This is enabled by default. WebTrends tells me I had 1,826 downloads of my DKIM-enabled MTA just today (and today ain't over yet). Since July 26 when I first released it there have been 65,392 downloads of it. Assuming people don't download 30-meg installers for no reason that means there are a lot of DKIM capable servers being trialed and operating in the wild right now. And I need to stress, I'm _NOTHING_. Once I talk some of my competitors into getting on board with me (which I can and they will) the number can really ramp up fast. This scale is not ideal but it's not at all like SSP only exists on paper. It would be better if Yahoo or Google or somebody implemented it but this will come when they are ready. Finally, our open-source API on sourceforge fully supports DKIM (that means SSP).

The problem I have is that I can't populate DNS with the required entries for my customers automagically and they are mostly all incapable of doing this on their own. If I could just solve that problem somehow.... working on it. But, I can and do enable the verifier by default. So, what this means is that SSP checks are getting a workout but there are very few actual SSP records so I can't comment from the field on the utility of SSP as it exists today. I can comment if I hear DNS performance related problems though. I haven't heard any yet and I've instructed my support folks to report any performance related problem that is solved by switching off DKIM verification. So far, so good and I will report to this list anything I find out.

--
Arvel



_______________________________________________
ietf-dkim mailing list
http://dkim.org