On Thursday 17 January 2008 13:12, John L wrote:
My point is that there are different sorts of assertions: those
suggesting that the receiver apply more scrutiny to messages from my
domain are likely to be believable even if self-asserted,
Why? I see no reason to assume this is true.
The only practical evidence we have is that Paypal has told people through
informal channels that they sign everything and it's OK with them to
discard unsigned mail, but we already knew they're the biggest phishing
target around.
My expectation is that a large majority of domains that would publish
strict SSP policies would be small mail systems with no more forgery
problems than anyone else, but an exaggerated idea of their own
importance. Sort of like the people who send you mail, then demand you
jump through C/R hoops when you respond to it.
And I wouldn't waste any more sleep over not getting mail because of
uninformed publishing of a strict SSP record than I would about that.
Scott K
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html