On Mon, Mar 9, 2009 at 7:47 PM, MH Michael Hammer (5304) <[email protected]> wrote: > I think your analogy to SPF is not quite correct. The SPF record itself > includes the ability to make a strong assertion (a record that ends with > -all but is not solely -all) as well as a means of indicating that one > does not send mail from a particular domain (publish only -all). The > base DKIM spec does not provide a way to specify one signs all email.
I'm happy to leave it at this stage - > 6.3. Interpret results / apply local policy > (for example, when communicating with a peer who, by prior agreement, agrees > to only send signed messages) And as for this .. > That is your choice as a receiver. I'm not sympathetic to senders that > publish incorrect or broken SPF records just as I'm not sympathetic to > senders who publish incorrect DKIM records. This is no different than > someone publishing incorrect DNS records. I have little or no sympathy for them. But broken spf records were common enough, and then broken spf checking at various receiver sites was even more common that we decided to remove our spf records in 2005. If your sole goal in ADSP is "declare that domain x signs all mail" then there could be a far simpler and more cut down version of ADSP that'd fit the bill. To wit - the "locked ADSP record" part. And if that's all that is required .. why then, I dont see why that part of it cant be shoehorned into the base 4871 spec somehow - perhaps in -bis as a newly defined tag. > strong proponent for both SPF and DKIM (+ADSP) is that it provides a way > to scale beyond one to one out of band correspondence between sender and > receiver. Once it scales, given the complexity - and the heavy push for reputation, it will be extensively gamed. --srs _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
