As long as we all remember that bad actors can get a domain, populate dkim keys and ssp then send spam until they are noticed and shut down. Policy will be by the receiver that a message that fails dkim/ssp is flagged for a closer examination than a message that passes both dkim and ssp but all mail will continue to be scrutinized.

Thanks,
Bill Oxley
Messaging Engineer
Cox Communications, Inc.
Alpharetta GA
404-847-6397
[EMAIL PROTECTED]

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Levine
Sent: Monday, July 31, 2006 9:23 PM
To: [email protected]
Cc: [EMAIL PROTECTED]
Subject: Re: [ietf-dkim] A few SSP axioms

>I think this is the key issue then and we ought to focus on it. In
>my view almost the entire point of a signing policy is constraining
>whose signatures are considered authorized by the domain owner.

I'm assuming that when you say authorized, you mean authoritative.
(English definitely has its shortcomings.)

A few scenarios:

Message from domain A, signed by A; does SSP matter at all?

Message from A, signed by B; A's SSP says B signs all its mail

Message from A, signed by A and B; does SSP matter? (I hope not.)

Message from A, signed by C; SSP says nothing about C.

R's,
John
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
