Re: [ietf-dkim] Re: 1: 1 and assertions about third parties
2008-01-17 22:02:36
My expectation is that a large majority of domains that would publish
strict SSP policies would be small mail systems with no more forgery
problems than anyone else, but an exaggerated idea of their own importance.
I'm sorry, but is it just your peevishness about their perceived
self-importance? What difference does it make if they aren't as
important as they think they are? How is that negatively affecting
you?
My understanding is that the point of publishing SSP is to help mail
recipients filter their mail better, where the only useful meaning of
better is that it makes the recipient users happier. (I see occasional
claims that the purpose of SSP is to permit senders to make statements
regardless of whether they're useful to anyone else. If that's the case,
we need to document it better but you can ignore the rest of this
message.)
Senders' opinions about third parties aren't useful in making filtering
decisions. In the example above, what happens when a user of such a
domain sends mail through a mailing list and the signatures break? If you
believe the strict SSP, you throw away perfectly good mail, making users
unhappy. Well, OK, perhaps you adjust your rules to whitelist mail from
known mailing lists. But now what about a domain like Paypal that you
know (not from SSP) is both heavily forged and doesn't send mail through
lists? My filter rules dump anything not sent directly from Paypal, list
or no list. But how can SSP help us distinguish the Paypals from the
self-importants? It can't, and there are clearly far more inept mail
system managers than Paypal-style mega-phish targets.
It's fine to publish statements about what you actually do. "I sign
everything" is fine, a sender controls that. Perhaps "I don't send mail
through lists" would be useful, again, a sender can control that. But
"I'm a phish target" or "broken signatures are forgeries" or anything else
that purports to describe what other people do isn't useful, because the
guy making the statement doesn't know any more about it than anyone else
does. For the vast majority of domains, I suspect that AOL and Hotmail
and other large inbound mail systems have much better data on how much
R's,
John
PS: I say this even though I happen to be a moderately signficant forgery
target. Every day abuse.net gets over 300,000 bounces of spam it didn't
send, but I don't see why anyone who doesn't already know me would take my
word for it.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
<Prev in Thread] |
Current Thread |
[Next in Thread>
|
- Re: 1:1 (was RE: [ietf-dkim] Re: ISSUE 1525 -- Restriction to posting by firstAuthorbreaks email semantics), (continued)
- Re: 1:1 (was RE: [ietf-dkim] Re: ISSUE 1525 -- Restriction to posting by firstAuthorbreaks email semantics), Scott Kitterman
- Re: 1: 1 (was RE: [ietf-dkim] Re: ISSUE 1525 -- Restriction to posting by firstAuthorbreaks email semantics), John Levine
- Re: 1: 1 (was RE: [ietf-dkim] Re: ISSUE 1525 -- Restriction to posting by firstAuthorbreaks email semantics), Jim Fenton
- Re: 1: 1 (was RE: [ietf-dkim] Re: ISSUE 1525 -- Restriction to posting by firstAuthorbreaks email semantics), John L
- Re: 1: 1 (was RE: [ietf-dkim] Re: ISSUE 1525 -- Restriction to posting by firstAuthorbreaks email semantics), Jim Fenton
- Re: 1: 1 (was RE: [ietf-dkim] Re: ISSUE 1525 -- Restriction to posting by firstAuthorbreaks email semantics), John L
- Re: 1: 1 (was RE: [ietf-dkim] Re: ISSUE 1525 -- Restriction to posting by firstAuthorbreaks email semantics), Jim Fenton
- [ietf-dkim] Re: 1: 1 and assertions about third parties, John L
- Re: [ietf-dkim] Re: 1: 1 and assertions about third parties, Scott Kitterman
- Re: [ietf-dkim] Re: 1: 1 and assertions about third parties, Michael Thomas
- Re: [ietf-dkim] Re: 1: 1 and assertions about third parties,
John L <=
- Re: [ietf-dkim] Re: 1: 1 and assertions about third parties, Hector Santos
- [ietf-dkim] OT: 300, 000 bounces (was: 1: 1 and assertions about third parties), Frank Ellermann
- Re: [ietf-dkim] OT: 300, 000 bounces (was: 1: 1 and assertions about third parties), John Levine
- [ietf-dkim] Re: OT: 300,000 bounces, Frank Ellermann
- Re: [ietf-dkim] Re: OT: 300,000 bounces, John Levine
- Re: [ietf-dkim] Re: 1: 1 and assertions about third parties, Michael Thomas
- Re: [ietf-dkim] Re: 1: 1 and assertions about third parties, John L
- Re: [ietf-dkim] Re: 1: 1 and assertions about third parties, Michael Thomas
- Re: [ietf-dkim] Re: 1: 1 and assertions about third parties, John L
- Re: [ietf-dkim] Re: 1: 1 and assertions about third parties, Michael Thomas
|
|
|