OOPs forgot one criteria, * There is no valid signature
:-) I think that there will be a lot of value in the 'no I mean it' modifier in the next couple of years. Eventually I hope we can fix the relays and everyone can mean it. Another semantic difference is that if I see someone claiming to be a target of phishing and I see fake messages I am likely to want to report them. > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Steve Atkins > Sent: Thursday, September 07, 2006 4:32 PM > To: [email protected] > Subject: Re: [ietf-dkim] user level ssp > > > On Sep 7, 2006, at 12:54 PM, Hallam-Baker, Phillip wrote: > > > > >> [mailto:[EMAIL PROTECTED] On Behalf Of Steve Atkins > > > >> On Sep 7, 2006, at 12:28 PM, Hallam-Baker, Phillip wrote: > >> > >>> > >>>> [mailto:[EMAIL PROTECTED] On Behalf Of John Levine > >>> > >>> Mostly +1 > >>> > >>> But there could be utility in the sender saying 'My email > >> is at very > >>> serious risk of being impersonated'. > >> > >> What is that utility? Please expand on what behaviour you > expect from > >> the recipient and how that will differ from the case where > the sender > >> does not say that. > > > > If I know that you are a self declared target of phishing > and that the > > consequences of letting a phish go through are considerably more > > serious than a random impersonation spam I can adjust my > spam filters > > accordingly. > > > > In particular I would expect to filter out ALL mail > automatically in > > the case that ALL the following apply: > > > > * The sender ALWAYS signs > > * The sender declares themselves to be at risk of phishing attack > > * The content is HTML > > * There are URIs in the body of the text message > > * The message has not been forwarded by a previously noted > > intermediary. > > How does that differ from the case where: > > * The sender ALWAYS signs > * The content is HTML > * There are URIs in the body of the text message > * The message has not been forwarded by a previously noted > intermediary. > > I guess that the real question is what's the difference > between "I always sign" > and "I always sign and I get phished"? > > The impression I'm getting, from several people, is that "I > always sign" is already being written off as likely to be > ignored by recipients and that there needs to be a "No, I > really mean it!" modifier? > > Cheers, > Steve > > _______________________________________________ > NOTE WELL: This list operates according to > http://mipassoc.org/dkim/ietf-list-rules.html > > _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
