On Feb 8, 2008, at 1:19 PM, MH Michael Hammer (5304) wrote:
I'm referring to mail that would be checked by DKIM against the From
email address (not the pretty name). My bad for assuming the scope of
the discussion was limited to what DKIM and DKIM-SSP can actually
address. If that isn't the scope then we might as well say that
asserting something in SSP doesn't stop people from speeding in
automobiles. This isn't about silver bullets. DKIM addresses
particular
issues. If you prefer a constraining "where" clause then consider
any of
my comments on the list as constrained by "For those things addressed
through the use of DKIM signing and DKIM-SSP.....". Having said that,
there are receivers out there that do look for mismatches between From
pretty name and email address or mismatched links in the body of the
email. This is one of the reasons that we have structured our emails
the
way we have. If there were a mechanism that allowed me to
automatically
communicate this I would do a little jig. Instead I have one-on-one
discussions with various receivers.
You can't say "receiver checking DKIM and/or SPF would stop 100%
of fraudulent emails" and then redefine "fraudulent emails" as "mails
stopped by receiver checking of DKIM and/or SPF".
DKIM+SSP will only ever stop a tiny fraction of "illegitimate" emails,
and pretending otherwise doesn't lead to an honest evaluation of the
benefits and drawbacks of it.
Cheers,
Steve
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html