What I have yet to hear is any sort of consituency for a monolithic
"i sign everything" beyond the statements(_at_)bigbank scenario. I really
don't buy John's small lawfirm scenario unless he can swear that none
of their users or correspondents use Yahoogroups;
Well, actually, since Yahoo will certainly be DKIM signing its mail,
we can expect their reputation to be the one people use. In the more
general case, if they publish we sign everything and don't have a
policy against using a work address to join mailing lists, they get
what they get. Or if the only collateral damage is that people's
posts to Yahoo groups about embroidered kittens get lost, they won't
care.
nobody is going to tolerate the false positives except for a narrow
class of transactional mail. As such SSP would be extremely narrow
and unuseful for the vast email population to the point of being:
why bother?
Um, because there is a boatload of high value transactional mail? You
and I hardly send any transactional mail, but I recieve a whole lot of
it, and if it were easier to separate the real mail from HSBC from the
fake mail from HSBC, that would be nice. Or you may be right and SSP
is useless, which has been my feeling all along.
In any case, I already outlined a scenario for which a receiver would
find the additional information very interesting.
Speaking as a receiver, I have to say I didn't find that info either
useful or interesting.
R's,
John
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html