Hector Santos wrote: > The deployment guide specifically states: > Unless a scheme can correlate the DKIM signature with > accreditation or reputation data, the presence of a DKIM > signature SHOULD be ignored. > And that implies even a VALID signature. So the DEPLOYMENT > draft changes the semantics of DKIM-BASE itself
Of course a PASS from an "unknown stranger" cannot directly help you. It is relatively simple for spammers to get a PASS, no matter if it is DKIM or SPF. With an SPF PASS receivers can bounce later, and in both PASS cases they could black- or whitelist the sender / signer. After they black- or whitelist it is no "unknown stranger". The "accredidation or reputation data" is marketing speech for "black- or whitelist", and of course receivers can buy that as service from a third party, our use a free source from a third party, or roll their own. That's no evil scheme redefining DKIM, that is just at it is, a PASS from an "unknown stranger" does *NOT* mean "no spam". > SSP lowers the need to reputation services and everyone > with a good engineering, product development and marketing > sense can see that. SSP helps you to figure out which mails might be "suspicious" from the POV of the sender (or rather authors), remotely in the same direction as SPF FAIL. SSP does *NOT* help you to create black and white lists for a 1st or 3rd party DKIM PASS, let alone for SPF or PRA PASS. How you create your white or black lists, roll your own, or find free or commercial services, is your decision, and if all you want is to reject SSP and SPF FAIL you need no list at all (well, maybe you need "trusted forwarders" for SPF). > To suggest we are all WRONG is offensive. The fact is, we > were not wrong. The fact is that domain owners trying to control where their domain names appear in e-mail author addresses is an unheard of twist of the mail architecture, and in comparison PRA was "a modest proposal". On my dead box I have a few old mails From: you. Under mail rules since RFC 822 I am entitled to resend them to say Eric, maybe in a discussion about the merits of SMTP HEAD vs. SREJ. That you (as domain owner) can suddenly try to decree that I cannot resend your old unsigned mail to Eric is preposterous and a design issue in SSP. > Can you outline the serious TECHNICAL flaws? See above. And that's only one of numerous examples where "domain owner controls all author addresses everywhere" is utter dubious. Frank -- (don't worry, I don't use "resend", I don't like this feature) _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
