On Dec 10, 2007, at 11:06 PM, Jim Fenton wrote:
1. We seem to be seeing inconsistency between whether SSP is
providing information about potential signers, versus whether it is
directing the behavior of receivers. ("providing guidance" is
giving direction.)
SSP is clearly providing information about the use of DKIM by domains.
Agreed.
It is also allowing those domains to express their preference about
the handling of mail that purports to come from them.
"Purporting to come from" is not defined by SSP or DKIM.
"Purporting to have been authored by a user of the domain" is how SSP
is currently limited.
Defining which messages can be initially "authored" by users of a
particular domain disallows fairly normal and perhaps legitimate
actions by others. Hence, specific handling statements will break
normal and legitimate uses of email. Controlling the handling of
messages initially "authored" by a particular domain is new.
Dictating the handling of these messages is unable to consider all
possible conditions. Err on the side of caution. Provide information
without dictating specific handling.
DKIM requires fewer exceptions. Fewer exceptions should provide a
better outcome. Nevertheless, an SSP specification will be able to
dictate how email should be handled in _every_ possible case.
The intent in this latter regard is that domains are encouraged to
do as requested by the alleged originating domain, but that they are
compliant with the specification even if they choose not to do so.
Any simple handling assertion will be wrong "some of the time" and
will affect legitimate messages. DKIM specifications should expect
that signatures and assertions provide receivers a means to
"recognize" potentially illegitimate actions. Let receivers decide
about handling.
+1520.
-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html