On 02/09/2011 07:25 AM, John Levine wrote: >> However, I did not know about the _adsp_ record. I know that >> dkim-filter will look for this. >> >> i) Should I add one. > Unless your name is Paypal, please don't. > > ADSP is debatably of some use for the elite group of senders whose > domains are widely forged, and whose recipients are likely to suffer a > significant loss if they're fooled by the forgeries. For the other > 99.999% of senders, it's just a way to ensure that some of your real > mail is thrown away. >
A dissenting opinion: I have been using ADSP "dkim=all" for quite some time from this domain and have had no indication that any of my mail has been dropped. Note that my mail usage patterns are consistent with dkim=all (messages always go through my MTA that does the signing), but I do send through mailing lists such as this one that undoubtedly invalidate my DKIM signature. "dkim=discardable" is really intended for the domains John describes: transactional domains like PayPal that (1) sign all their messages, (2) don't generally send through mailing lists, etc. that invalidate their signatures, and (3) would rather that a valid message be dropped than to have a spoofed message make it through. I'm not trying to kick off a new debate but thought that I should point out that John's opinion isn't universally held. -Jim _______________________________________________ dkim-ops mailing list [email protected] http://mipassoc.org/mailman/listinfo/dkim-ops
