Re: [ietf-dkim] Re: 1: 1 and assertions about third parties
2008-01-18 09:43:45
John L wrote:
>>> My expectation is that a large majority of domains that would publish
>>> strict SSP policies would be small mail systems with no more forgery
>>> problems than anyone else, but an exaggerated idea of their own
>>> importance.
>>
>> I'm sorry, but is it just your peevishness about their perceived
>> self-importance? What difference does it make if they aren't as
>> important as they think they are? How is that negatively affecting
>> you?
>
> My understanding is that the point of publishing SSP is to help mail
> recipients filter their mail better, where the only useful meaning of
> better is that it makes the recipient users happier. (I see occasional
> claims that the purpose of SSP is to permit senders to make statements
> regardless of whether they're useful to anyone else. If that's the
> case, we need to document it better but you can ignore the rest of this
> message.)
>
> Senders' opinions about third parties aren't useful in making filtering
> decisions. In the example above, what happens when a user of such a
> domain sends mail through a mailing list and the signatures break? If
> you believe the strict SSP, you throw away perfectly good mail, making
> users unhappy. Well, OK, perhaps you adjust your rules to whitelist
> mail from known mailing lists. But now what about a domain like Paypal
> that you know (not from SSP) is both heavily forged and doesn't send
> mail through lists? My filter rules dump anything not sent directly
> from Paypal, list or no list. But how can SSP help us distinguish the
> Paypals from the self-importants? It can't, and there are clearly far
> more inept mail system managers than Paypal-style mega-phish targets.

There's an infinite variation of things that inept system managers
can do. If they misuse SSP why is that so very different from inept sysadmins
who run open relays? Both are dumb and will get you in trouble. If we're
limited to the lowest common denominator, then there's _nothing_ we can
do because that's really low, and it really doesn't have anything to do
with their motivation (cf self-importance).

> It's fine to publish statements about what you actually do. "I sign
> everything" is fine, a sender controls that. Perhaps "I don't send mail
> through lists" would be useful, again, a sender can control that. But
> "I'm a phish target" or "broken signatures are forgeries" or anything
> else that purports to describe what other people do isn't useful,
> because the guy making the statement doesn't know any more about it than
> anyone else does. For the vast majority of domains, I suspect that AOL
> and Hotmail and other large inbound mail systems have much better data
> on how much

Well, SSP doesn't have "I'm a phish target" but does have the other two
more or less, so I guess there's no argument here.

Mike
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html