I think we're in violent agreement. I don't see anything
particularly wrong with SSP, but as far as I know it's still
just a paper design which makes it a poor candidate
for standardization at this point.
I can shed some light on that point. I've got thousands of domains using
DKIM (that means with SSP) processing ALL EMAIL through SSP (except validly
signed messages that match the FROM). This is enabled by default.
WebTrends tells me I had 1,826 downloads of my DKIM-enabled MTA just today
(and today ain't over yet). Since July 26 when I first released it there
have been 65,392 downloads of it. Assuming people don't download 30-meg
installers for no reason that means there are a lot of DKIM capable servers
being trialed and operating in the wild right now. And I need to stress,
I'm _NOTHING_. Once I talk some of my competitors into getting on board
with me (which I can and they will) the number can really ramp up fast.
This scale is not ideal but it's not at all like SSP only exists on paper.
It would be better if Yahoo or Google or somebody implemented it but this
will come when they are ready. Finally, our open-source API on sourceforge
fully supports DKIM (that means SSP).
The problem I have is that I can't populate DNS with the required entries
for my customers automagically and they are mostly all incapable of doing
this on their own. If I could just solve that problem somehow.... working
on it. But, I can and do enable the verifier by default. So, what this
means is that SSP checks are getting a workout but there are very few actual
SSP records so I can't comment from the field on the utility of SSP as it
exists today. I can comment if I hear DNS performance related problems
though. I haven't heard any yet and I've instructed my support folks to
report any performance related problem that is solved by switching off DKIM
verification. So far, so good and I will report to this list anything I
find out.
--
Arvel
_______________________________________________
ietf-dkim mailing list
http://dkim.org