SSP is trying to provide information in the absence of a valid signature
from the author.
No signature -> no signing domain.
-Jim
Bill(_dot_)Oxley(_at_)cox(_dot_)com wrote:
When a message is received the only thing we truly can determine is the
IP it came from (in most cases)no matter what authority or ruleset that
subsequent headers assert. Now DKIM asserts responsibility for signing
but may not be the sender. Perhaps SSP should be asserted by the signing
domain so responsibility can be narrowed to a single party. I see a lot
of DKIM spam in the wild so we will have to ascertain
reputation/accreditation regardless but at least we will have an entity
of some sort to assign responsibility to. Highly phished sites will have
look-a-like issues regardless of what we assign as determinate SSP
lookup headers.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html