[Asrg] On assertions

[Steve Atkins]

On Jul 29, 2008, at 9:19 AM, John Levine wrote:

> I'm sitting here in Dublin thinking about what the ASRG should do,  
> particularly the R part, and the word Assertions came to mind.
>
> There seems to be considerable interest in making assertions about  
> the mail behavior of domains.  The simplest useful assertion is  
> probably "we send no mail", but we've seen at least three different  
> variations on that, including SPF -all, the MX 0 . proposal, and  
> attempts to shoehorn it into SSP/ADSP.
>
> Keeping in mind that there is no inherent reason to believe any  
> assertions that a domain makes about itself, nor is there any reason  
> for a receiver to do anything a sender tells it to do, can we say  
> anything interesting about what assertions are likely to be useful,  
> and what are the best ways to communicate them?  Discuss.

A self-assertion which has a positive effect on the delivery rate of  
the apparent sender is unlikely to be believed, as any crook can make  
that assertion, and many will.

A self-assertion that's neutral is likely to be believed, as there's  
no immediate advantage to the bad guys in making it.

A self-assertion which has a negative effect on the delivery rate of  
the apparent sender of mail is likely to be believed, as there's no  
real incentive for the domain owner to publish it, apart from "because  
it's true". "I send no mail" is the obvious example of that.

"I send no mail" is interesting in another way, as it (by definition)  
needs to be transmitted out of band, which makes it much more  
complicated to do than in-band assertions, while still being simple  
enough to discuss as an "obvious" example of an out-of-band assertion  
that might be useful, hence the interest in it.

Many other assertions are transmitted in-band "This is a mime  
message", "This was sent on this date", "this was sent by this  
person", "this is an html message" and so on.

Cheers,
   Steve