If the above is possible, how should/can it be avoided?
The usual approach is by using different domains. Disregarding the
courtesy forwarding swamp, it makes sense for a bank to say that its
transactional notices, e.g., "you're overdrawn", shouldn't be coming
from any place but the bank, and shouldn't be appearing on mailing
lists. On the other hand, it's perfectly reasonable for employees
to be participating in work-related mailing lists.
Yep. There are all sorts of categories besides these, of course. Stuff like
internal company mail doesn't need to "work" outside a company. In fact the
worse it works the better, in some sense.
Since there's different policies for transactional mail and mail from
employees and DKIM's granularity is domains, if you want to use DKIM
and SSP, you'd best send the transaction mail from one domain and the
personal mail from another. I see banks doing this already. Even the
small ones tend to have a bunch of domains for all the variants of
their name.
This behavior isn't limited to banks - other companies already do it too. Given
the small costs associated with setting up additional domains this makes
complete sense.
As others have noted, the current SSP is as much a straw man as a
practical candidate for implementation. Maybe we'll find a workable
way to get the granularity down lower, maybe we'll decide that the
current granularity is OK, maybe we'll discover that we need something
totally unlike SSP. But we don't need to solve any of this now.
Exactly right. And it is even possible that we'll end up with a document titled
"SSP-like schemes all considered harmful".
What we have is a very early draft. Nothing more. People seem to be arguing as
if this draft was in last call and needs to be problem free in its present
form. It isn't and it doesn't.
The only thing not working on SSP will accomplish is to let other, nonstandard
and largely unreviewed schemes propogate in this general space. This would not
be a good thing at all.
The only real arugment I can see for declaring SSP out of scope is if keeping
it will derail the DKIM effort as a whole. But as long as we have competent
chairs I see little chance of that happening, so I don't think the argument
holds water.
I would support the aadition of some language to the charter saying that should
a policy declaration mechanism be produced it must carefully discuss its
intended scope and elaborate any issues that can arise with its use. But that's
as far as I would go.
Ned
_______________________________________________
ietf-dkim mailing list
http://dkim.org