> By the way, speaking of trust and reputation services: > > SSP does not say that my bank's domain belongs to a real bank.
If I am the bank, then I can ensure that messages purporting to be from me are from me and nobody else. > > SSP does not say that a criminal's domain belongs to a fake bank. I know what banks I bank with. Someone at a fake bank with a valid ssp and dkim will still likely be ignored. I know that at least MY bank uses SSP and DKIM and I can trust that it is from them. > > SSP does not help me decide which bank is real. Again, I know who my bank is. If I get a message from BoA or a message from the First Mountain Trust of Namibia, I believe I would not have any trouble distinguishing between the two. > > If anything requires a reputation service, then it is SSP not DKIM. > DKIM can manage just fine with a local whitelist. > > I am aware that credibility on this list is inversely proportional > to the number of messages posted, and I will post corrections like > this infrequently. > I am not oblivious to what you are trying to say, but I believe that this will at least keep us going in the right direction and give us operational folks some tools with teeth. I am sure that when we build it, they will come and reputation services will eventually part of the tools. I just don't think it belongs in the draft. Regards, Damon Sauer _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
