ietf-dkim

Re: [ietf-dkim] A more fundamental SSP axiom

2006-08-04 09:47:35
On 8/4/06, Michael Thomas <mike(_at_)mtcc(_dot_)com> wrote:
John L wrote:

>>> I don't see the point.  That last suggestion is, to the recipient,
>>> the equivalent of a useless "I sign some mail" since you're telling
>>> the recipient it's OK to accept some amount of both signed and
>>> unsigned mail.
>>
>
>> For us, the amount of mail that is in the false positive quandary is
>> really really small, though the people it would affect primarily are
>> people who could make it a living hell in IT. A policy which is more
>> relaxed could, however, say that it's well worth the effort to be
>> extremely cautious about such mail -- a far higher barrier to entry
>> than the current one-size-fits-all filters.
>
>
> But you're talking about your own mail here, for which I expect that
> you have all sorts of special treatment.


No, I'm concerned about how others will treat it. I don't have to publish a
policy to differentially treat that mail for myself.


If I read this right, I think he was saying- Do unto others...


>
> I'm trying to think about what I'll do when DKIM is in wide use, I get
> mail from thousands of sources that publish SSP info.  If SSP says "I
> sign everything" I have trouble figuring a use for it other than a
> flat reject of unsigned messages or at least 4.9 points in a five
> point scoring spam filter.


That's the problem: if you do that, domains like Cisco -- or anybody else
who uses mailing lists -- will *never* publish a "we sign everything" policy
even though we do. I hardly think that Cisco is an outlier here, and in fact
I expect that we'd be pretty similar to just about any medium to large
sized business.

>   I REALLY do not want an SSP that says "I sign everything, and here
> is my estimate on a 0 to 10 scale of how much you should care."

I assume that you'd complain if it boiled down to a single bit?

0: "mail from this domain may transit manglers, adjust accordingly"

So basically a 0 means: I have published a record just so you have
to do more CPU/DNS work... because you are going to have to accept it
anyway.

1: "the signature should always be intact"

I think this should be assumed. If it's not, referring to the above-
Don't publish a record.


Regards,
Damon Sauer