IETF Logo Mail Archive

Re: [ietf-dkim] A more fundamental SSP axiom

Damon <deepvoice@gmail.com> Fri, 04 August 2006 21:57 UTC

Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1G97fI-00041b-Mz for ietf-dkim-archive@lists.ietf.org; Fri, 04 Aug 2006 17:57:08 -0400
Received: from sb7.songbird.com ([208.184.79.137]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1G97fH-0005QN-A6 for ietf-dkim-archive@lists.ietf.org; Fri, 04 Aug 2006 17:57:08 -0400
Received: from sb7.songbird.com (sb7.songbird.com [127.0.0.1]) by sb7.songbird.com (8.12.11.20060308/8.12.11) with ESMTP id k74LsJZW027036; Fri, 4 Aug 2006 14:54:19 -0700
Received: from nf-out-0910.google.com (nf-out-0910.google.com [64.233.182.187]) by sb7.songbird.com (8.12.11.20060308/8.12.11) with ESMTP id k74Ls1J3027018 for <ietf-dkim@mipassoc.org>; Fri, 4 Aug 2006 14:54:01 -0700
Received: by nf-out-0910.google.com with SMTP id g2so572037nfe for <ietf-dkim@mipassoc.org>; Fri, 04 Aug 2006 14:53:35 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=GHm1oJ3TzgOC2tumUiFS9OFj/Gp1JVfGlaz7SttnmWctILkQBFzpz6tA4UX4ZVbmK9VFz1tgHQzPYuoJFN/59vDdeFimhs/Ow+k3N4l+mfkPE+FNjdBqd3AyoGhL9tfHwafJryoiJ39UH6UgWL25rC9OvG0+HYy9KYm6DewzNQY=
Received: by 10.78.175.8 with SMTP id x8mr1725406hue; Fri, 04 Aug 2006 14:53:35 -0700 (PDT)
Received: by 10.78.149.6 with HTTP; Fri, 4 Aug 2006 14:53:35 -0700 (PDT)
Message-ID: <62146370608041453x77e824aem5f5df0f19bda13ec@mail.gmail.com>
Date: Fri, 04 Aug 2006 17:53:35 -0400
From: Damon <deepvoice@gmail.com>
To: Michael Thomas <mike@mtcc.com>
Subject: Re: [ietf-dkim] A more fundamental SSP axiom
In-Reply-To: <44D3BB65.20702@mtcc.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
References: <20060802002353.U59653@simone.iecc.com> <44D36B4A.2050903@mtcc.com> <20060804114527.Y27352@simone.iecc.com> <44D37376.4020408@mtcc.com> <20060804132203.Y49810@simone.iecc.com> <EAF17954-74A3-4374-A059-B31A1414B350@mail-abuse.org> <62146370608041122t779d200h1b29a659ac8ad612@mail.gmail.com> <44D3B49D.9090800@mtcc.com> <62146370608041406i74f707ffgf708bafe87784d97@mail.gmail.com> <44D3BB65.20702@mtcc.com>
X-Songbird: Clean, Clean
Cc: DKIM List <ietf-dkim@mipassoc.org>
X-BeenThere: ietf-dkim@mipassoc.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IETF DKIM Discussion List <ietf-dkim.mipassoc.org>
List-Unsubscribe: <http://mipassoc.org/mailman/listinfo/ietf-dkim>, <mailto:ietf-dkim-request@mipassoc.org?subject=unsubscribe>
List-Archive: <http://mipassoc.org/pipermail/ietf-dkim>
List-Post: <mailto:ietf-dkim@mipassoc.org>
List-Help: <mailto:ietf-dkim-request@mipassoc.org?subject=help>
List-Subscribe: <http://mipassoc.org/mailman/listinfo/ietf-dkim>, <mailto:ietf-dkim-request@mipassoc.org?subject=subscribe>
Sender: ietf-dkim-bounces@mipassoc.org
Errors-To: ietf-dkim-bounces@mipassoc.org
X-SongbirdInformation: support@songbird.com for more information
X-Songbird-From: ietf-dkim-bounces@mipassoc.org
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 3e15cc4fdc61d7bce84032741d11c8e5

> In spamassassin terms,  I might assign:
>
> SSPPOLICY_SIGNSOME 0
> SSPPOLICY_SIGNALLTESTING 2
> SSPPOLICY_SIGNALLNOTTESTING 10
>
> In the first case, they're telling me to not bother with DKIM because it
> will
> be unreliable. In the second case, the signing domain saying that they sign
> everything means that there's clearly something amiss and that it would be
> good to bias it toward rejection. The third case is the signing domain
> saying
> that they'd rather it fail than be accepted.
>

Which is why I tell my CEO always send the important stuff via FedEX.
(I own stock ;)

Wouldn't it be safer not signing?

On the other hand....
Being an operational guy, I know that 99.999^nth% of my mail is going
to make it unmunged. But I hear so much "sky is falling" that I get
caught up in it too.

But what you are talking about is good mail. Mail we know is good
going bad due to some technical hiccup.
What I am concerned with is the bad mail being treated at the same
level as the good mail. I have to weigh my options....

Do I make my scores very high for failed sig checks and treat someone
who /thinks/ they are going the extra mile to ensure their mail is
getting better treatment at the receiving end by signing it- is
getting exactly the opposite of what they expected to happen because
some two-bit system munged their sig in-between. This mail gets
junked, their reputation takes a hit, and the powerpoint they needed
for today's meeting doesn't get there.

Or

Is this just another luke-warm protocol, that is going to be a pain in
the rear to implement and maintain, just so I can add a few measly
points to their score?


I see room for improvement... lots of room. I can see adding policy to
the record or to the DKIM header.. or both that can provide a
"secondary" check or what to do if the record is munged. I like those
ideas. I can start putting teeth back into my scoring

Regards,
Damon Sauer
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html

v2.23.0 | Report a Bug | By Email