John L wrote:
Depends on the nature of the assertion. If the assertion is "I'm a
good guy" or "I send virus-free messages" the receiver isn't likely
to believe me. If the assertion is "Be very careful about messages
coming from my domain", why shouldn't the receiver pay attention to
that?
Because, as I said in my previous message, you are making assertions
about the behavior of people you don't know or control.
With respect to a domain likely to use SSP (such as a domain used
only for transactional messages), who are these zillions of other
senders, and why should that domain be concerned about them?
I was under the impression that SSP was intended to deter unrelated
senders from sending mail with your domain in the From: line, on the
theory that such messages might be forgeries. Are you saying it's for
something else?
Oh, you mean that I might assert "I'm a phishing target" when in fact
I'm not. In any case, nobody is proposing that assertion (nor the
iambic pentameter one, either). My point is that there are different
sorts of assertions: those suggesting that the receiver apply more
scrutiny to messages from my domain are likely to be believable even if
self-asserted, and those suggesting that the sender is a good guy are
only useful if coming from an accreditor or reputation system the
receiver trusts.
-Jim
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html