Jim Fenton wrote:
Wietse Venema wrote:
What is the relevance of this for the current effort? I have nothing
against an SSP that says what mail if any a domain signs or sends.
Like many, I would use that to throw away some mail. But it would be
a mistake to position SSP as the solution for email phishing.
I agree with the above statement. At the same time, I think it's
appropriate to consider the potential for technologies like SSP to
reduce losses due to phishing. It isn't necessary to "solve" the
problem to produce a tangible benefit.
Right. So let's explore what current problems specific functions in SSP will
mitigate.
Folks who are proponents of particular SSP features should document specific
threats and specific SSP feature(s) that will mitigate them.
An essential part of such exercise is to explain why the mitigation is
strategic. That is, why will it not be easy for attackers to work around the
SSP mechanism and achieve equivalent attack success.
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html