Thank you for pulling that together. I think that was an excellent writeup.
One point I'd like to pull the thread on is the word drop. Rather that drop,
I think it would be better to say reject. I'm taking the word drop to mean
delete here.
I think that deleting messages that fail an SSP test is not good for the
overall reliability of the e-mail ecosphere as there is no indication to
either the sender or the receiver (at the user level) that a message has not
been delivered. This raises uncertainty. If messages are rejected (SMTP 550
at the end of DATA), then legitimate senders will be notified of the failure
and can take action to rectify the problem without the backscatter risk
associated with accept then bounce.
I think that rejecting messages meets the goal that is stated here without
adding risk or uncertainty.
Scott K
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html