Thank you for pulling that together. I think that was an excellent writeup.
One point I'd like to pull the thread on is the word drop. Rather that drop, I think it would be better to say reject. I'm taking the word drop to mean delete here. I think that deleting messages that fail an SSP test is not good for the overall reliability of the e-mail ecosphere as there is no indication to either the sender or the receiver (at the user level) that a message has not been delivered. This raises uncertainty. If messages are rejected (SMTP 550 at the end of DATA), then legitimate senders will be notified of the failure and can take action to rectify the problem without the backscatter risk associated with accept then bounce. I think that rejecting messages meets the goal that is stated here without adding risk or uncertainty. Scott K _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
