ietf-dkim

Re: [ietf-dkim] Re: the more reliable signature fallacy

2008-01-24 07:54:58
Wietse Venema wrote:
> If you replace (Client IP Address) by (Valid DKIM Signature) then
> the similarity between SPF and SSP can be quite striking.
>
> Extreme application of SPF results in the rejection of mail that
> does not come from the "right" Client IP Address.
>
> Extreme application of SSP results in the rejection of mail that
> does not come with the "right" Valid DKIM Signature.
>
> It's really the same thing, at a different layer in the OSI stack.
>
> Or is it?
>
> If all SSP were doing was to re-invent SPF at a different OSI
> layer, then no progress would be made; we would only squander the
> opportunity for better accountability that DKIM makes possible.

Maybe. But maybe not. With SPF you had the lure of doing all of your
work at the 2821 layer. That is, reject things before you've read the
message. With SSP you have to read the message so you might as well
run SSP and the rest of your filtering and just incorporate SSP as
*one* datapoint of potentially many to determine the delivery
disposition. This seems a lot more sensible and prudent to me as
you're not elevating SSP to Silver Bullet status which is always
suspect.

                Mike
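
The contrast discussed in this message, as an added example that is not part of the original thread: an SSP failure used as the sole rejection criterion versus the same failure used as one weighted input to a delivery decision. The field names, weights, thresholds and sample messages are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Signals:
    # Constructed per-message inputs; the field names are assumptions.
    dkim_valid: bool         # valid signature from the author domain
    ssp_all_signed: bool     # author domain's SSP says all its mail is signed
    content_score: float     # content filter output, higher = more spam-like
    reputation: float        # sender reputation, -1.0 (bad) to 1.0 (good)

# Illustrative weights and thresholds, not taken from any specification.
W_SSP_FAIL, W_DKIM_OK, W_REPUTATION = 2.0, -0.5, -1.5
QUARANTINE_AT, REJECT_AT = 3.0, 5.0

def ssp_fails(s: Signals) -> bool:
    return s.ssp_all_signed and not s.dkim_valid

def strict_disposition(s: Signals) -> str:
    """'Extreme application': the SSP result alone decides delivery."""
    return "reject" if ssp_fails(s) else "deliver"

def score(s: Signals) -> float:
    """SSP contributes one weighted term next to the other filters."""
    total = s.content_score + W_REPUTATION * s.reputation
    if ssp_fails(s):
        total += W_SSP_FAIL
    elif s.dkim_valid:
        total += W_DKIM_OK
    return total

def scored_disposition(s: Signals) -> str:
    total = score(s)
    if total >= REJECT_AT:
        return "reject"
    return "quarantine" if total >= QUARANTINE_AT else "deliver"

# Constructed sample messages.
SAMPLES = {
    "clean, signature missing": Signals(False, True, 0.5, 0.8),
    "spam, validly signed":     Signals(True, True, 6.5, -0.4),
    "borderline, sig missing":  Signals(False, True, 3.5, 0.0),
}

def compare() -> dict:
    return {name: (strict_disposition(s), scored_disposition(s))
            for name, s in SAMPLES.items()}

if __name__ == "__main__":
    for name, (strict, scored) in compare().items():
        print(f"{name:26} strict={strict:8} scored={scored}")
```

The first two samples are the cases where the two approaches disagree; in the third, the SSP failure moves a borderline message from quarantine to reject without deciding the outcome on its own.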