John L wrote:
SPP bankofamerica.com p=strict
From: loans(_at_)bankofamerica(_dot_)com
DKIM-Signature: i=(_at_)dkim(_dot_)mit(_dot_)edu
DKIM-Signature: i=(_at_)dkim(_dot_)bankofamerica(_dot_)com
Subject: Get a great rate today!
<body munged by mit that would cause bankofamerica signature to fail>
You'd accept the message?
That depends on what I think of dkim.mit.edu. If they had a history of
sending good mail, sure. If not, probably not.
I don't know about others, but you can't base a world wide open standard
protocol based on these extremely subjective isolated decisions, and
thats even if YOU have a clue as well of who they are, which most of the
time, you won't.
It's probably worth reminding people yet again that the point of DKIM is
to reliably tie a message to a domain, so you can use that domain's
reputation to evaluate the mail.
So without Reputation, is DKIM useless? Is this part of the DKIM-BASE
specification? Hmmmmmm, I think I did see a reference to that assertion
some where... oh yeah, the off-list engineered Deployment draft
entrenched with reputation considerations and hardly none for SSP:
2.5. Filtering Software
...
Unless a scheme can correlate the DKIM signature with accreditation
or reputation data, the presence of a DKIM signature SHOULD be
ignored.
Mind boggling! It only makes you wonder why we have such a conflict here.
> SSP doesn't change that.
SSP != REPUTATION
--
Sincerely
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html