ietf-dkim

[ietf-dkim] SSP; Is it safe and fair?

2006-01-04 15:08:58
On Jan 4, 2006, at 12:02 PM, Scott Kitterman wrote:
> On 01/04/2006 14:20, Douglas Otis wrote:
>
>> SPF and SSP will have similar problems. With SPF, you have pointed out the RFC1123 5.3.6(a) issue that may cause those concerned with the resulting disappearance of messages to use the '?' qualifier, which is fairly common.
>
> This is completely contrary to my experience. Because I use shared MTAs, almost all e-mails I send have an SPF NEUTRAL (?) result.

This is agreeing open-ended authorizations are not uncommon? SSP also relies upon this open-ended method for similar reasons. For as long as a domain has not become the target of abuse, why would there be a problem? When used as an identifier, as purported by Sender-ID for example, protection of one's email-address domain's reputation relies more upon luck and not design. Moving closer to using "closed" authorizations will likely also require adoption of the PRA header selection algorithm or waiting for some rather major changes to occur. : (

> So, even if you start out with the premise the SSP is like SPF (I don't think that's right either), nothing that follows in the original e-mail is correct.

Are you suggesting the email-address domain owner providing the authorization will never be held accountable for the type of authorization they use? It is not surprising to see a strong desire by providers to shift the burden of reputation onto the email-address domain owner, but this is not fair for many reasons.

What protection does an "open-ended" authorization provide the recipient? How could this be considered safe? Even assuming a "Closed" authorization were used, this also relies upon the visual examination of the email-address, which is often not shown to the recipient. Is there an assumption that the MUA must be altered to take advantage of the DKIM signature? If that is the case, why not use recognition rather than authorizations, as this offers far greater safety.


-Doug

_______________________________________________
ietf-dkim mailing list
http://dkim.org