----- Original Message -----
From: "Damon" <[EMAIL PROTECTED]>
To: "Hector Santos" <[EMAIL PROTECTED]>
>> 4.7. DSAP Tag: t=y
>>
>> The t=y tag is optional. If defined, the domain is currently testing
>> DKIM. Verifiers SHOULD NOT treat testers any different from
>> production mode signers. It SHOULD NOT be used as a way to bypass a
>> failed signature classification policies. However, verifiers SHOULD
>> track testers for over extended usage of test signatures and MAY
>> consider using the results to provide feedback to the domain.
>>
>> In other words, the testing flag will not be tolerated as well.
>>
>
> Whew Hector,
>
> I see what you are getting at but... have any idea how many domains I
> am currently tracking for reputation?! How long would I have to keep
> that data?
> The bots would cause me to get google size boxes alone.
> Reminds me of the time I suggested an "auto-expiring" DNS tag. That
> went over like a lead balloon.
>
> Is there another way you could do this?

Well, the whole idea for testing is a migration concept, which implies that
a system exposing an attribute that it is "testing" should be a time-limited
operation.

The idea of saying "Look buddy, pardon my mistakes but I am testing so
please don't reject my errors" is inherently risky to allow indefinitely.

I suggest a time limit concept for implementations, as I suggested the same
with SPF: to modify the Migration write-up to include a default expiration
concept for migration. I left it open-ended but cited examples of 3, 6
months. This would be for verifiers to implement. But you wanted to
document this for senders to understand that there is a LIMIT on testing.
See example below:

Back in MARID, I suggested how one could develop a business model on
reporting by charging systems to obtain feedback, and I said this
facetiously, because if someone wants a report, they will have to pay for
any overhead involved. The bad side is that this may be a cat's meow for
the Direct Marketing industry. They will love to get as much feedback as
they can get. So they might pay a few pennies or whatever to get reports.

Example where Testing is abused:

Check out Microsoft's Callerid record - it is still under testing after two
years!!! <g>

V:\rfc\dkim>nslookup -query=txt _ep.microsoft.com
Non-authoritative answer:
_ep.microsoft.com text =
"<ep xmlns='http://ms.net/1' testing='true'><out><m>"
"<mx/><a>213.199.128.160</a><a>213.199.128.145</a>
<a>207.46.71.29</a>
<a>194.121.59.20</a>
<a>157.60.216.10</a><a>131.107.3.116</a>
<a>131.107.3.117</a>
<a>131.107.3.100</a>"
"</m></out></ep>"

I guess some engineer at MS forgot to remove it. :-)

But this is what I am talking about where a testing flag should not be
tolerated.

--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
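
One way a verifier could implement the time limit on testing discussed in this message, keeping only a first-seen timestamp per domain that is currently in test mode. This is an added example, not code from the original post or from any DKIM implementation. Assumptions: the 90-day limit (taken from the 3-month figure above), the names `is_testing` and `FlagTracker`, and a semicolon-separated tag=value record format.

```python
from datetime import datetime, timedelta

TEST_LIMIT = timedelta(days=90)  # assumption: the 3-month figure from the message


def is_testing(record: str) -> bool:
    """True if a tag=value record carries t=y (flags may be colon-separated)."""
    for part in record.split(";"):
        name, sep, value = part.partition("=")
        if sep and name.strip().lower() == "t":
            return "y" in [flag.strip().lower() for flag in value.split(":")]
    return False


class FlagTracker:
    """Remembers when each domain was first seen with t=y (hypothetical helper).

    The status is for tracking and feedback only; it is not meant to change
    how a failed signature is classified.
    """

    def __init__(self, limit: timedelta = TEST_LIMIT):
        self.limit = limit
        self.first_seen = {}  # domain -> datetime of first t=y observation

    def observe(self, domain: str, record: str, now: datetime) -> str:
        domain = domain.lower().rstrip(".")
        if not is_testing(record):
            # Domain left test mode: drop its state so storage stays bounded.
            self.first_seen.pop(domain, None)
            return "production"
        start = self.first_seen.setdefault(domain, now)
        return "overdue" if now - start > self.limit else "testing"

    def overdue(self, now: datetime) -> list:
        """Domains whose test period has run past the limit (feedback candidates)."""
        return sorted(d for d, t in self.first_seen.items() if now - t > self.limit)
```
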