>Also is there a qualification for asking a receiver to "discard" mail?
>Can only Heavily phished domain ask? Can it be lightly
>phished? Is there a certain threshold of "phished mail? Or
>does DISCARDABLE also mean "No sorry. You are not suffering
>enough to have the right to ask me to discard mail." ???
>

Without intending to put words in John's mouth, I think what he meant is that there is the risk of some legitimate email being lost if a receiver respects a discardable assertion. In that respect, sending domains need to consider carefully the implications of making a discardable assertion. Something along the lines of "careful what you ask for because you just might get it".

The other factor is that receiving domains are going to consider complaints received by their users for undelivered email in their calculation of whether to respect a discardable assertion. We all know that there are quite a few domains that have implemented all manner of things incorrectly, poorly or with a misunderstanding of the consequences of their actions. Once there is more experience with SSP/Discardable/etc on the part of senders and receivers, I expect this to be less of a problem - or should I say "I hope".

Finally, it may be that domains use some sort of decision matrix involving DKIM and a discardable assertion in the context of other factors such as a strong SPF assertion. If a particular email fails SPF AND fails DKIM they may discard it. On the other hand, if it passes SPF but fails DKIM they may choose not to discard it.

As a signing sender - even with some feedback from some receivers - I'm still not in a position to give specific numbers with regard to broken signatures from forwarding, etc. The numbers appear to be relatively small but from the receiver domain perspective (with regard to complaints), how small is small enough?

While I'm an advocate of discardable, I recognize that it isn't for everyone. I've said this all along. I also recognize though that it is the receiver domain customer support staff that are likely to hear (first) about undelivered emails. The receiver domain is likely to choose to balance the benefit from listening to discardable assertions and the increase in support calls that might result from any particular domain's discardable assertion.

Just a few thoughts.

Mike

_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
