MH Michael Hammer (5304):
> Is the potential benefit afforded a receiver by checking that SSP
> assertion AND taking whatever (unspecified) action worth the effort
> of doing so? If receivers are likely to have little or no
> benefit/interest in checking SSP then the rest of the discussion
> is moot.
>
> In other words, is the juice worth the squeeze?
Wietse:
> Spammers can use DKIM and SSP too. Therefore [..] the juice is
> not worth the squeeze unless the receiver actually knows the
> domain. Perfect DKIM+SSP by a total stranger is relatively
> meaningless.
MH Michael Hammer:
> I'm asking in terms of the overall implementation. In a world
> where all domains are strangers the juice is definately not worth
> the squeeze. That is the chicken and egg of kickstarting adoption.
The far majority of email is from strangers. Specifically, there
is an awful lot of email with me as recipient from apparent senders
that I have no relationship with. I have no reason to believe that
my experience differs radically from that of other people.
> Is the same true where half (or pick a percentage of your choice)the
> domains are strangers? At what point do the benefits of checking
> outweigh the costs of checking?
Honestly, I know of no reasons why spammers would start to send
less email. There is a lot of spam out there that has nothing to do
with domain spoofing and everything with gullible greedy recipients.
> So if it isn't 3PS (01) and it isn't ASP (02) then what is it that is to
> be identified/protected by SSP?
It's primarily about whitelisting what's "known to be good". When
I get mail that claims to be from a total stranger then it does
not matter if it is 100% DKIM/SSP compliant.
> Is DKIM checking sufficient in itself without SSP? How might DKIM-SSP
> help receivers (the 3 aforementioned as well as others) leverage their
> evaluation of received email whether signed (valid or not) or unsigned?
"known to be good" whitelisting can be done with DKIM-BASE alone.
SSP etc. is about the ABSENCE of valid signatures, and can help to
strengthen the "known to be good" whitelisting process.
When I get mail that claims to be from a total stranger then it does
not matter if it is 100% DKIM/SSP compliant.
Wietse
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
