Damon wrote: > How is this any different than what we are doing with > reputation systems based on IP right now?
Maybe I'm only confused. But apparently we have two groups here, some interested in "DKIM pure" without SSP, and others interested in DKIM + SSP. A "DKIM pure" signer talking with an "SSP aware" verifier (or vice versa) should still work, no matter what the SSP of the 2822-From domain says. > If I were a less than honorable person, I would send all my > spam using someone with a good reputation (goodrep.com) as my > DSD. My sig fails because I purposely munged it, there is no > policy saying that this should definitely be rejected. > Because goodrep.com can not publish all of the domains that > it signs for, it is helpless to do anything about this. Yes. In theory goodrep can check your SSP, but a "DKIM pure" signer might not like this. Somebody proposed off list, that goodrep should have a list of 2822-From domains it signs. I'm not sure about this, is it acceptable for "DKIM pure" signers ? There is no procedure in 4409 for "check the 2822-From", it only offers a "MAY add Sender" option. Should signers "know" what they are signing - beyond their "normal" authentication ? The "MAY add Sender" option is already far from "normal", as far as I can judge it (i.e. based on about five MSAs :-) Frank _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
