Re: [ietf-dkim] Collection of use cases for SSP requirements

2006-11-08 09:37:38
I think some site like a Bank, that is heavily phished, might go so far as
to declare
   "I sign all mail. Please delete/reject/drop/whatever (perhaps even
   silently) all messages that fail to verify".

Here are three cases:

a) publishes that note.  So far so good.

b) publishes that note, and blames you when their
   users' poorly formatted mail disappears.  Not so good.

c) publishes that note.  I don't want their mail
   whether they verify or not.

It seems to me that the likely number of domains in case a), real
institutions with serious phish problems, is far smaller than the
number of b) and c).  I don't see how SSP can help me as a receiver
tell the useful info about a) domains from the useless info about b)
and c) domains.  I expect that people will be using third party lists
of a)'s, which makes me ask what the point of self-publishing this is.


