ietf-dkim

[ietf-dkim] SSP vs. reputation (was: ISSUE 1521 -- Limit the application of SSP to unsigned messages)

2008-01-25 02:40:33
Hector Santos wrote:

> The deployment guide specifically states:
>
>     Unless a scheme can correlate the DKIM signature with
>     accreditation or reputation data, the presence of a DKIM
>     signature SHOULD be ignored.
>
> And that implies even a VALID signature. So the DEPLOYMENT
> draft changes the semantics of DKIM-BASE itself.

Of course a PASS from an "unknown stranger" cannot directly 
help you.  It is relatively simple for spammers to get a PASS,
no matter if it is DKIM or SPF.  With an SPF PASS receivers
can bounce later, and in both PASS cases they could black- or 
whitelist the sender / signer.

After they black- or whitelist it is no "unknown stranger".

The "accreditation or reputation data" is marketing speech
for "black- or whitelist", and of course receivers can buy
that as a service from a third party, or use a free source
from a third party, or roll their own.

That's no evil scheme redefining DKIM, that is just how it is:
a PASS from an "unknown stranger" does *NOT* mean "no spam".

SSP lowers the need for reputation services, and everyone
with good engineering, product development and marketing
sense can see that.

SSP helps you to figure out which mails might be "suspicious"
from the POV of the sender (or rather authors), remotely in
the same direction as SPF FAIL.

SSP does *NOT* help you to create black and white lists for
a 1st or 3rd party DKIM PASS, let alone for SPF or PRA PASS.

How you create your white or black lists, roll your own, or
find free or commercial services, is your decision, and if
all you want is to reject SSP and SPF FAIL you need no list
at all (well, maybe you need "trusted forwarders" for SPF).

> To suggest we are all WRONG is offensive.  The fact is, we
> were not wrong.

The fact is that domain owners trying to control where their
domain names appear in e-mail author addresses is an unheard
of twist of the mail architecture, and in comparison PRA was
"a modest proposal".

On my dead box I have a few old mails From: you.  Under mail
rules since RFC 822 I am entitled to resend them to say Eric,
maybe in a discussion about the merits of SMTP HEAD vs. SREJ.

That you (as domain owner) can suddenly try to decree that I
cannot resend your old unsigned mail to Eric is preposterous
and a design issue in SSP.

> Can you outline the serious TECHNICAL flaws?

See above.  And that's only one of numerous examples where
"domain owner controls all author addresses everywhere" is
utterly dubious.

 Frank
-- 
(don't worry, I don't use "resend", I don't like this feature)
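The receiver-side policy the thread argues about, written out as an added example (not code from the DKIM working group, the deployment draft or either poster): a valid DKIM signature is only given weight when the signer domain is found in local black- or whitelist data, and an unsigned message is only flagged when the author domain publishes a "sign everything" practice. The `Practice` values, the list contents and the resend scenario are constructed for illustration and do not follow the SSP draft's actual record syntax. The last sample message is Frank's case: an old, unsigned message From: a domain that now claims to sign all its mail, resent by a third party.

```python
"""Added example: combine a DKIM verification result with reputation data
and a simplified sender-signing-practice lookup.

Constructed model, not the SSP draft's syntax or any project's code.
"""
from dataclasses import dataclass
from enum import Enum
from typing import Dict, Optional, Set


class Practice(Enum):
    """What the author domain says about its own mail (constructed model)."""
    UNKNOWN = "unknown"   # domain publishes no practice
    ALL = "all"           # domain claims every message it originates is signed


class Verdict(Enum):
    ACCEPT = "accept"          # valid signature from a whitelisted signer
    REJECT = "reject"          # valid signature from a blacklisted signer
    NEUTRAL = "neutral"        # signature (or lack of one) carries no weight
    SUSPICIOUS = "suspicious"  # unsigned, but author domain claims to sign all


@dataclass
class Message:
    author_domain: str                  # domain part of the From: address
    signer_domain: Optional[str] = None  # d= of a *verified* signature, else None


# Constructed sample reputation and practice data (hypothetical domains).
WHITELIST: Set[str] = {"example.net"}
BLACKLIST: Set[str] = {"spammer.example"}
PRACTICES: Dict[str, Practice] = {
    "example.org": Practice.ALL,      # claims to sign everything
    "example.net": Practice.UNKNOWN,  # publishes nothing
}


def evaluate(msg: Message,
             whitelist: Set[str] = WHITELIST,
             blacklist: Set[str] = BLACKLIST,
             practices: Dict[str, Practice] = PRACTICES) -> Verdict:
    """Return a verdict for one message.

    A DKIM PASS is correlated with list data; a PASS from a signer that is on
    neither list is ignored, as the deployment guide text quoted in the thread
    says. The signing practice is consulted only when no valid signature is
    present, so SSP never turns a PASS into a reject or an accept.
    """
    if msg.signer_domain is not None:
        if msg.signer_domain in blacklist:
            return Verdict.REJECT
        if msg.signer_domain in whitelist:
            return Verdict.ACCEPT
        # Valid signature from an "unknown stranger": no information.
        return Verdict.NEUTRAL

    # No valid signature at all: does the author domain claim to sign all mail?
    practice = practices.get(msg.author_domain, Practice.UNKNOWN)
    if practice is Practice.ALL:
        return Verdict.SUSPICIOUS
    return Verdict.NEUTRAL


def demo() -> Dict[str, Verdict]:
    """Run the constructed scenarios and return them keyed by description."""
    cases = {
        "whitelisted first-party PASS": Message("example.net", "example.net"),
        "blacklisted third-party PASS": Message("victim.example", "spammer.example"),
        "PASS from unknown signer": Message("stranger.example", "stranger.example"),
        "resent old unsigned mail, author claims 'all'": Message("example.org"),
        "unsigned, author publishes nothing": Message("example.net"),
    }
    return {name: evaluate(m) for name, m in cases.items()}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:45s} -> {verdict.value}")
```

The point the code makes explicit is the split the thread draws: the whitelist and blacklist decide what a PASS is worth, while the practice record only ever adds suspicion to unsigned mail, which is why Frank's legitimately resent, pre-DKIM message comes out as suspicious rather than neutral.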

_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
