Dave Crocker wrote:
John L wrote:
I'm trying to think about what I'll do when DKIM is in wide use, I get
mail from thousands of sources that publish SSP info. If SSP says "I
sign everything" I have trouble figuring a use for it other than a flat
reject of unsigned messages or at least 4.9 points in a five point
scoring spam filter. I REALLY do not want an SSP that says "I sign
everything, and here is my estimate on a 0 to 10 scale of how much you
should care."
Right. SSP stands a much greater chance of being useful if it a) answers
questions we believe the receivers will want to have answered, and b) the
questions pertain to *simple* statements about signer/sender behaviors.
Certainly this kind of minimal model is essential for initial adoption and use.
What I have yet to hear is any sort of consituency for a monolithic
"i sign everything" beyond the statements(_at_)bigbank scenario. I really
don't buy John's small lawfirm scenario unless he can swear that none
of their users or correspondents use Yahoogroups; nobody is going to
tolerate the false positives except for a narrow class of transactional
mail. As such SSP would be extremely narrow and unuseful for the vast email
population to the point of being: why bother?
In any case, I already outlined a scenario for which a receiver would
find the additional information very interesting.
Mike
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html