spf-discuss
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [spf-discuss] Re: DKIM-SSP integration SPF

2006-08-14 06:01:29
from [Hector Santos] [Permanent Link] 

----- Original Message -----
From: "Dick St.Peters" <stpeters(_at_)NetHeaven(_dot_)com>
Newsgroups: spf.-.sender.policy.framework.discussion
To: <spf-discuss(_at_)v2(_dot_)listbox(_dot_)com>
Sent: Monday, August 14, 2006 8:25 AM
Subject: Re: [spf-discuss] Re: DKIM-SSP integration SPF



Hector Santos writes:

Well, in theory you have 6 x 4 or 24 possible states.  When you complete
this 6x4 table grid, there will be a very strong results included with
indeterminate.


Hector's analysis assumes that SPF and DKIM will be evaluated
jointly, but if SPF is used as I believe was intended, messages
failing SPF will be rejected before DATA, and there will be no DKIM
result.


This is a very good point.  But a FAIL can become about thru a false
positive fowarding.


When considering SPF+DKIM, I think the most important question to
answer first is "What does SPF bring to the table that DKIM does not?"
The most obvious answer is "Ability to reject messages without reading
them."

Anything else?


100% correct. No doubt.

But we still have false positives and I would like to see the "snapshot"
theoretical analysis of having the all the "evidence" in front of you.

For example:

     SPF-FAIL ->  Instant rejection????
     SPF-PASS ->  Instant rejection????

What is your trust in that result?   Lets just assume 80%

What would it take to see in DKIM in order to make that a 100% trusted
result?

A failed in DKIM?  A pass of DKIM?  respectively?

How about if we got this?

     SPF-FAIL + DKIM+PASS =  result?  PASS or FAIL?

Also, consider that many systems are or will be processing DATA dynamically
too within the DATA stage.  It still requires the payload to be transferred,
but it is less dangerous than a ACCEPT/REJECT POST SMTP process.

Correct?

--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com





-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to 
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [spf-discuss] Re: DKIM-SSP integration SPF, Alex van den Bogaerdt
Next by Date:  Re: [spf-discuss] Re: DKIM-SSP integration SPF, Hector Santos
Previous by Thread:  Re: [spf-discuss] Re: DKIM-SSP integration SPF, Alex van den Bogaerdt
Next by Thread:  [spf-discuss] Re: DKIM-SSP integration SPF, Frank Ellermann
Indexes:  [Date] [Thread] [Top] [All Lists]