Re: [ietf-dkim] A more fundamental SSP axiom

[Michael Thomas <mike@mtcc.com>]

John L wrote:

>> Part of the problem here is the past record of SPF with over-zealous 
>> 550 if
>> there's any hint of bogosity. We, for example, would be forced to 
>> take down
>> a "we sign everything" policy if that were to happen with DKIM -- 
>> even though
>> we'll be signing everything pretty soon. If there were a qualifier in 
>> the "I sign everything policy" that specifically implies that sending 
>> a 550 based on a missing DKIM signature alone is extremely 
>> bone-headed" then maybe we can both.
>
>
> I don't see the point.  That last suggestion is, to the recipient, the 
> equivalent of a useless "I sign some mail" since you're telling the 
> recipient it's OK to accept some amount of both signed and unsigned mail.

For us, the amount of mail that is in the false positive quandry is 
really really
small, though the people it would effect primiarly are people who could make
it a living hell in IT. A policy which is more relaxed could, however, 
say that
it's well worth the effort be extremely cautious about such mail -- a 
far higher
barrier to entry than the current one-size-fits-all filters. This would 
be justified
because a) the high scruitiny class would be a small subset so that 
extra scrutiny
wouldn't incrementally cost much (if anything), and b) this is the kind 
of mail
that you really really want to be cautious about anyway since it's where the
phishing attacks are happening.

So no, I don't think it's useless at all. It provides a means to 
classify mail
in much more precise buckets so that the analysis budget can be more
sensibly divided.

       Mike
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html