Wietse Venema wrote:
Michael Thomas:
Wietse Venema wrote:
MH Michael Hammer (5304):
Is DKIM checking sufficient in itself without SSP? How might DKIM-SSP
help receivers (the 3 aforementioned as well as others) leverage their
evaluation of received email whether signed (valid or not) or unsigned?
"known to be good" whitelisting can be done with DKIM-BASE alone.
SSP etc. is about the ABSENCE of valid signatures, and can help to
strengthen the "known to be good" whitelisting process.
You've said this several times, but I don't think that's the range
of all possibilities. Ag.com is a pretty good example of somebody
that I as a receiver don't know but if they're willing to say
"discard this if it's not signed", all other things being equal
why wouldn't I?
You do what you want to do.
I would hope that receivers don't discard mail simply because the
domain owner says so. Instead, I would hope that their hint goes
into a weighting process together with other indicators.
Look, if you want to design your own products based on these heuristics,
thats fine, but don't tell us what or how we should implement technology
especially mandating via specs on methods that are without of doubt,
highly questionable, subjective and puts systems and domains at risk for
even greater abuse.
The system MUST be based on PURE TRUE OR FALSE LOGIC and not anyone's
GUESS work.
--
Sincerely
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html