
Re: [ietf-dkim] Re: 1: 1 and assertions about third parties

2008-01-17 22:02:36
My expectation is that a large majority of domains that would publish strict SSP policies would be small mail systems with no more forgery problems than anyone else, but an exaggerated idea of their own importance.

I'm sorry, but is it just your peevishness about their perceived self-importance? What difference does it make if they aren't as important as they think they are? How is that negatively affecting you?

My understanding is that the point of publishing SSP is to help mail recipients filter their mail better, where the only useful meaning of better is that it makes the recipient users happier. (I see occasional claims that the purpose of SSP is to permit senders to make statements regardless of whether they're useful to anyone else. If that's the case, we need to document it better but you can ignore the rest of this message.)

Senders' opinions about third parties aren't useful in making filtering decisions. In the example above, what happens when a user of such a domain sends mail through a mailing list and the signatures break? If you believe the strict SSP, you throw away perfectly good mail, making users unhappy. Well, OK, perhaps you adjust your rules to whitelist mail from known mailing lists. But now what about a domain like Paypal that you know (not from SSP) is both heavily forged and doesn't send mail through lists? My filter rules dump anything not sent directly from Paypal, list or no list. But how can SSP help us distinguish the Paypals from the self-importants? It can't, and there are clearly far more inept mail system managers than Paypal-style mega-phish targets.

It's fine to publish statements about what you actually do. "I sign everything" is fine, a sender controls that. Perhaps "I don't send mail through lists" would be useful, again, a sender can control that. But "I'm a phish target" or "broken signatures are forgeries" or anything else that purports to describe what other people do isn't useful, because the guy making the statement doesn't know any more about it than anyone else does. For the vast majority of domains, I suspect that AOL and Hotmail and other large inbound mail systems have much better data on how much

R's,
John

PS: I say this even though I happen to be a moderately significant forgery target. Every day abuse.net gets over 300,000 bounces of spam it didn't send, but I don't see why anyone who doesn't already know me would take my word for it.
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
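The filtering decisions argued about in the message above, worked as an added example that is not part of the thread: a toy inbound filter combining the DKIM verification result, a simplified SSP practice lookup, and the two pieces of local knowledge the message says SSP cannot supply (known mailing-list relays, and domains known never to relay through lists). All domain names, the practice labels, and the messages are constructed for illustration.

```python
# Added example, not from the thread: a toy inbound filter that combines a
# DKIM verification result, the sender domain's published SSP practice, and
# local knowledge that an SSP record cannot carry. Every domain name, practice
# label and message below is constructed for illustration.

from dataclasses import dataclass
from typing import Optional

# Simplified stand-in for published SSP practices (constructed values).
SSP = {
    "selfimportant.example": "strict",   # small domain publishing "strict"
    "phishtarget.example": "strict",     # stands in for a PayPal-style target
    "ordinary.example": "all",           # signs everything, no strict claim
}

# Local knowledge the recipient has and the sender's SSP record does not.
KNOWN_LISTS = {"lists.example"}          # relays known to break signatures
NO_LIST_SENDERS = {"phishtarget.example"}  # known: never legitimately relayed


@dataclass
class Msg:
    from_domain: str
    dkim_result: str            # "pass", "fail" (broken signature) or "none"
    via_list: Optional[str]     # relay the message passed through, if any


def decide(m: Msg, trust_ssp_blindly: bool) -> str:
    """Return 'accept', 'reject' or 'suspect' for one message."""
    practice = SSP.get(m.from_domain, "unknown")
    if m.dkim_result == "pass":
        return "accept"
    # From here on the signature is broken or absent.
    if m.from_domain in NO_LIST_SENDERS:
        # Local knowledge, not SSP: this domain never arrives via a list, so
        # a broken or missing signature is treated as a forgery either way.
        return "reject"
    if practice == "strict":
        if trust_ssp_blindly:
            return "reject"          # the failure mode: legitimate list mail dropped
        if m.via_list in KNOWN_LISTS:
            return "accept"          # a whitelisted relay explains the broken sig
        return "reject"
    return "suspect"                 # no usable policy; leave it to content scoring
```

The same message from the strict small domain is rejected or accepted depending only on the recipient's list whitelist, while the phish-target case is decided by local knowledge that the SSP record never provided.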
