4.4. Sender Signing Practices Check Procedure
...
1. If a valid Originator Signature exists, the message is not
...
2. The Verifier MUST query DNS for a TXT record corresponding to
...
3. The Verifier MUST query DNS for an MX record corresponding to
...
4. If the immediate parent of the Originator Domain is a top-level
...
5. The Verifier MUST query DNS for a TXT record for the immediate
...
6. If the SSP "t" tag exists in the response and any of the flags
...
7. If the SSP "t" tag exists in the response and any of the flags
...
8. If the value of the SSP "dkim" tag is "unknown", the message is
...
9. If the value of the SSP "dkim" tag is "all", and one or more
...
10. The message is Suspicious and the algorithm terminates.
If any of the queries involved in the Sender Signing Practices Check
result in a SERVFAIL error response, the verifier MAY either queue
the message or return an SMTP error indicating a temporary failure.
This is a fairly complex decision tree, for an initial specification of a new
type of protocol.
The first version of SSP that is standardized needs to have a much shorter and
simpler decision tree, if interoperable deployment is to be achieved anytime
soon after publication.
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html