On Tuesday 22 August 2006 15:56, Hallam-Baker, Phillip wrote:
> ... we need to promote the idea that you should not look for the
> existence or even the validity of a DKIM header as being as important as
> the domain that is claiming responsibility. If you can't correlate the
> domain to some form of additional information you should ignore the record
> entirely.

And I would argue that SSP is a first attempt to provide some of the additional information. What we need is more determinism and fewer heuristics.

If we can get an SSP that is adequately expressive, I want to be able to reject messages after DATA if they fall outside the scope of the defined sender policy. If the message is real, the sender will get a rejection notification and they can try an alternate means of communication. If it's forged spam, no one is bothered by backscatter. This is a path away from messages disappearing forever into never-reviewed spam folders.

I also want the SSP to work for as broad a set of senders as it can reasonably accommodate. If it just works for the large senders, we will not, in my opinion, have done the job we were chartered to do. Scalability is both up and down.

Scott K
