Comments in-line

> -----Original Message-----
> From: Suresh Ramasubramanian [mailto:[email protected]]
> Sent: Sunday, March 08, 2009 8:59 PM
> To: MH Michael Hammer (5304)
> Cc: IETF-DKIM
> Subject: Re: [ietf-dkim] Handling the errata after the consensus call
>
> On Sun, Mar 8, 2009 at 8:58 PM, MH Michael Hammer (5304) <[email protected]>
> wrote:
> > Suresh, notwithstanding what some vendors might wish in terms of
> > reputation, the case for ADSP is and always has been to leverage DKIM to
> > be able to say "this domain signs all mail" in one way or another.
>
> That seems like an overly complex, rube goldbergish way to indicate
> it. More like developing spf, with your sole reason being to publish
> "v=spf1 -all" indicating that a domain never sends email.
>

Please offer a better way of indicating that mail is always signed. I think your analogy to SPF is not quite correct. The SPF record itself includes the ability to make a strong assertion (a record that ends with -all but is not solely -all) as well as a means of indicating that one does not send mail from a particular domain (publish only -all). The base DKIM spec does not provide a way to specify one signs all email.

> And it is still not something I would trust without confirmation and
> verification out of band (this, having noticed more than one wrong spf
> declaration that if we'd bothered to check on in our mailserver, would
> have resulted in lost mail)
>

That is your choice as a receiver. I'm not sympathetic to senders that publish incorrect or broken SPF records just as I'm not sympathetic to senders who publish incorrect DKIM records. This is no different than someone publishing incorrect DNS records. It may be that you as a receiver choose to require some other confirmation and verification before you act on what a domain publishes. That is your prerogative. On the other hand, one of the reasons I am a strong proponent for both SPF and DKIM (+ADSP) is that it provides a way to scale beyond one to one out of band correspondence between sender and receiver.

> Further, at least from my perspective, it is not something I would
> bother to check for all but a few significant domains.
>

Again, different receivers will make different choices about what they do. Isn't freedom of choice a grand thing?

Mike

_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
