Arvel, I think it is reasonable for the sender to say 'here is how you can spot a likely fake'. This statement is tantamount to 'be very suspicious' or even in certain cases 'discard this message' since a fake is almost certainly spam.
The part that I think SPF folk failed to understand was that the sender can never order the receiver to ACCEPT a message. The second issue is the reason why it is very important to avoid suggesting that the sender is in control. I dislike use of the term authorization for the same purpose.

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Arvel Hathcock
> Sent: Thursday, September 07, 2006 1:30 PM
> To: '[email protected]'
> Subject: RE: [ietf-dkim] user level ssp
>
> > At base the former seems to move SSP from being a basic means of
> > checking for rogue mail, into recruiting the receive-side to be an
> > agent of the From-field domain owner, for enforcing potentially
> > complex operational rules.
>
> IMO, "recruiting the receive-side to be an agent of the
> From-field domain owner" probably goes too far. I certainly
> don't feel I am an "agent" of the RFC2821.mail domain owner
> when I do my SPF checks. Nor am I the servant of the PRA by
> virtue of doing Sender-ID. Rather, those who employ SSP are
> "agents" working on their own behalf in an attempt to utilize
> another authenticity vector in order to provide the most
> trustworthy mail service they can.
>
> "for enforcing potentially complex operational rules" - SSP
> is simply a gathering mechanism. Any complex operational
> rules are at the discretion of the receiver post-SSP, right?
>
> > Absent compelling demonstration of market need,
>
> I believe that the need and duty to protect one's domain from
> unauthorized use is (or should be) presuppositional and
> therefore needs no demonstration. However, are you saying
> that the market has no need for SSP? What constitutes
> "compelling" and are we qualified to determine that in the IETF?
>
> > why are we considering something that, to my knowledge, has no
> > experiential base for the scale and complexity of the open Internet?
>
> SPF provides, at least partially, the experiential base for
> something like SSP, doesn't it? It is deployed widely, is DNS
> based, and is more complex than SSP. Yet the market seems to
> have embraced it.
>
> --
> Arvel
>
> _______________________________________________
> NOTE WELL: This list operates according to
> http://mipassoc.org/dkim/ietf-list-rules.html
