ietf-dkim

Re: [ietf-dkim] A more fundamental SSP axiom

2006-08-04 08:58:13
John L wrote:

>> Part of the problem here is the past record of SPF with over-zealous 550 if there's any hint of bogosity. We, for example, would be forced to take down a "we sign everything" policy if that were to happen with DKIM -- even though we'll be signing everything pretty soon. If there were a qualifier in the "I sign everything" policy that specifically implies that "sending a 550 based on a missing DKIM signature alone is extremely bone-headed" then maybe we can both.


> I don't see the point. That last suggestion is, to the recipient, the equivalent of a useless "I sign some mail" since you're telling the recipient it's OK to accept some amount of both signed and unsigned mail.

For us, the amount of mail that is in the false positive quandary is really really
small, though the people it would affect primarily are people who could make
it a living hell in IT. A policy which is more relaxed could, however, say that
it's well worth the effort to be extremely cautious about such mail -- a far
higher barrier to entry than the current one-size-fits-all filters. This would
be justified because a) the high scrutiny class would be a small subset so that
extra scrutiny wouldn't incrementally cost much (if anything), and b) this is
the kind of mail that you really really want to be cautious about anyway since
it's where the phishing attacks are happening.

So no, I don't think it's useless at all. It provides a means to classify mail
in much more precise buckets so that the analysis budget can be more
sensibly divided.

      Mike
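The bucketing Mike describes, as an added illustration that is not part of the thread and not anyone's deployed code: a receiver keeps a record of each sender domain's stated signing practice and uses it, together with the DKIM verification result, to route mail into a "verified", "standard-filter" or "high-scrutiny" queue. The policy labels, the message records and the per-domain table are all constructed for the example; the one rule it encodes is the asymmetry argued above, namely that unsigned mail from a domain that signs everything is escalated for scrutiny rather than rejected with a 550 on that basis alone.

```python
from __future__ import annotations
from collections import Counter
from dataclasses import dataclass

# Hypothetical labels for the two signing practices discussed in the thread.
SIGNS_ALL = "signs-all"    # "we sign everything"
SIGNS_SOME = "signs-some"  # "I sign some mail" (also the default when unknown)


@dataclass(frozen=True)
class Message:
    msg_id: str
    from_domain: str
    dkim_result: str  # "pass", "fail" (signature present but broken) or "none"


def bucket(policy: str, dkim_result: str) -> str:
    """Map (stated signing practice, verification result) to a handling queue.

    A missing or broken signature never yields a reject decision by itself;
    under a signs-all policy it is escalated to a small high-scrutiny queue,
    under a signs-some policy it simply goes through the ordinary filters.
    """
    if dkim_result == "pass":
        return "verified"
    if policy == SIGNS_ALL:
        # The domain told us every message is signed, yet this one is not
        # (or the signature did not verify): worth the extra analysis budget.
        return "high-scrutiny"
    return "standard-filter"


def triage(policies: dict[str, str], messages: list[Message]) -> dict[str, str]:
    """Assign every message a queue; unknown domains count as signs-some."""
    return {
        m.msg_id: bucket(policies.get(m.from_domain, SIGNS_SOME), m.dkim_result)
        for m in messages
    }


def queue_sizes(assignments: dict[str, str]) -> Counter:
    """How much mail lands in each queue; the high-scrutiny queue stays small."""
    return Counter(assignments.values())


# Constructed sample data: one signs-all domain, one signs-some domain,
# one domain with no published practice at all.
SAMPLE_POLICIES = {"signs-all.example": SIGNS_ALL, "partial.example": SIGNS_SOME}
SAMPLE_MESSAGES = [
    Message("m1", "signs-all.example", "pass"),
    Message("m2", "signs-all.example", "pass"),
    Message("m3", "signs-all.example", "none"),   # the phishing-shaped case
    Message("m4", "signs-all.example", "fail"),   # signed, but broken in transit
    Message("m5", "partial.example", "none"),
    Message("m6", "partial.example", "pass"),
    Message("m7", "unknown.example", "none"),
]

if __name__ == "__main__":
    result = triage(SAMPLE_POLICIES, SAMPLE_MESSAGES)
    for msg_id, queue in result.items():
        print(f"{msg_id}: {queue}")
    print(dict(queue_sizes(result)))
```

The point the counts make is the cost argument from the reply: only messages that contradict a signs-all statement reach the expensive queue, so the receiver can afford to look at them closely, while everything from a signs-some domain is treated exactly as it would be today.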
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html