1) It sounds like you are saying that, unless I expect that a receiver
is going to use that fact as a binary decision point to accept or reject
a piece of mail it is not worth expressing
Oh, no. I am trying to say that senders should stick to what they know
about. "I sign all my mail" certainly qualifies.
Agreed, and one of the things a domain owner knows in at least some situations
is what policies they have set for users of that domain about how they are
allowed to use that domain. Clearly this is not the case for a the majority of
domains on the internet, but how many have to be able to make this assertion
for it to be useful to have in the standard?
2) We have to build SSP assuming that people are only ever going to use
this information by itself and that they for some reason do not have
access to any other information about the sender.
Actually, I feel quite the opposite, that receivers will make their
filtering decisions based on all sorts of useful information from multiple
sources. But I still don't understand why anyone expects "I'm a phish
target" from some random stranger to be useful. If you have access to a
lot of receiver data, e.g., a large ISP, you probably know way more about
that the sender does.
R's,
John
By asserting that any mail that claims authorship from a domain I control must
be signed by me I'm not making any particular assertion about why any other
mail might not fit that policy. Just the fact that it does not.
_________________________________________________________________
Shed those extra pounds with MSN and The Biggest Loser!
http://biggestloser.msn.com/
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html