On Feb 8, 2008, at 6:13 PM, Michael Thomas wrote:
Wietse Venema wrote:
MH Michael Hammer (5304):
Is DKIM checking sufficient in itself without SSP? How might DKIM-
SSP
help receivers (the 3 aforementioned as well as others) leverage
their
evaluation of received email whether signed (valid or not) or
unsigned?
"known to be good" whitelisting can be done with DKIM-BASE alone.
SSP etc. is about the ABSENCE of valid signatures, and can help to
strengthen the "known to be good" whitelisting process.
You've said this several times, but I don't think that's the range
of all possibilities. Ag.com is a pretty good example of somebody
that I as a receiver don't know but if they're willing to say
"discard this if it's not signed", all other things being equal
why wouldn't I?
Because a noticeable chunk of what you'd be discarding would be
legitimate mail that your users wanted. If an ISP pays more attention
to what senders want than what their paying users want, they don't
deserve to be in the business.
The driving factor for receivers is delivering mail that their users
want, and not delivering mail that their users object to.
That is at direct odds to the design of SSP (which is to not deliver
some small fraction of email both legitimate and otherwise).
In any case, this is pretty squarely into the secret sauce of
receiver filter logic, so I'm not sure what the point is about
needing agreement; filters are certainly allowed to be more
cautious which is how I read you.
Cheers,
Steve
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html