In <[EMAIL PROTECTED]> Michael Thomas <[EMAIL PROTECTED]> writes:
> Part of the problem here is the past record of SPF with over-zealous > 550 if there's any hint of bogosity. We, for example, would be > forced to take down a "we sign everything" policy if that were to > happen with DKIM -- even though we'll be signing everything pretty > soon. Based on the past record with SPF, is the any reason to believe that, people won't treat "I sign some email" as the same as "I sign all email" and reject email that does not have a valid first party signature? There are certainly lots of people who treat publishing SPF records that end in NEUTRAL more harshly than not publishing SPF records at all and this has caused at least one major ISP to remove their SPF records. (Yes, this is assuming DKIM reaches the same level of deployment that SPF had back in early 2003. There isn't much danger right now.) > If there were a qualifier in the "I sign everything policy" > that specifically implies that sending a 550 based on a missing DKIM > signature alone is extremely bone-headed" then maybe we can both. This is somewhat along the lines of SPF's SOFTFAIL. You will find some people who reject based solely on seeing a SOFTFAIL and you will find others claiming that SOFTFAIL is functionally equivalent to NEUTRAL. > The current SSP has o=! t=y which could in a tortured way be > construed to have that semantic: "I sign everything, but hey I'm > testing so take it for what it's worth". If we have something more > formalized, them maybe we can accommodate these two pretty different > scenarios. Expect people to ignore the t=y flag also. Really, anyone who thinks that signing email with DKIM (or DK or IIM) will not directly cause some of your valid, non-spam, email to be rejected is fooling themselves. Receivers are free to do whatever they want with their servers, including extremely bone-head things. Personally, I think there is some value in distinguishing between "I sign everything and never send to mailing lists and other know mungers", "I sign everything, but also send to known mungers", and "I know I don't sign everything". -wayne _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
