Re: [ietf-dkim] Collection of use cases for SSP requirements

2006-11-08 21:27:35
On Wednesday 08 November 2006 11:16, John Levine wrote:
> > I think some site like a Bank, that is heavily phished, might go so far as
> > to declare
> >    "I sign all mail. Please delete/reject/drop/whatever (perhaps even
> >    silently) all messages that fail to verify".
>
> Here's three cases:
>
> a) publishes that note.  So far so good.
>
> b) publishes that note, and blames you when their
>    users' poorly formatted mail disappears.  Not so good.
>
> c) publishes that note.  I don't want their mail
>    whether they verify or not.
>
> It seems to me that the likely number of domains in case a), real
> institutions with serious phish problems, is far smaller than the
> number of b) and c).  I don't see how SSP can help me as a receiver
> tell the useful info about a) domains from the useless info about b)
> and c) domains.  I expect that people will be using third party lists
> of a)'s, which makes me ask what the point of self-publishing this is.

SSP can't slice toast either.  

A is good.  

B is not your fault.  No matter what you do, poorly configured senders will 
blame you.  They do it now, so this is no different than today.

C is not the problem SSP is meant to solve.

So it sounds to me like everything is fine.

Scott K