On 02/09/2011 07:25 AM, John Levine wrote:
>> However, I did not know about the _adsp_ record.  I know that
>> dkim-filter will look for this.
>>
>>      i) Should I add one.
> Unless your name is Paypal, please don't.
>
> ADSP is debatably of some use for the elite group of senders whose
> domains are widely forged, and whose recipients are likely to suffer a
> significant loss if they're fooled by the forgeries.  For the other
> 99.999% of senders, it's just a way to ensure that some of your real
> mail is thrown away.
>

A dissenting opinion:

I have been using ADSP "dkim=all" for quite some time from this domain 
and have had no indication that any of my mail has been dropped.  Note 
that my mail usage patterns are consistent with dkim=all (messages 
always go through my MTA that does the signing), but I do send through 
mailing lists such as this one that undoubtedly invalidate my DKIM 
signature.

"dkim=discardable" is really intended for the domains John describes: 
transactional domains like PayPal that (1) sign all their messages, (2) 
don't generally send through mailing lists, etc. that invalidate their 
signatures, and (3) would rather that a valid message be dropped than to 
have a spoofed message make it through.

I'm not trying to kick off a new debate but thought that I should point 
out that John's opinion isn't universally held.

-Jim
_______________________________________________
dkim-ops mailing list
[email protected]
http://mipassoc.org/mailman/listinfo/dkim-ops

Reply via email to