Jim Fenton wrote:
> I'm (obviously) not as much of a fatalist when it comes to using dkim=all. I
> believe there are things that one can usefully do, such as to "raise the bar"
> on content filtering, if a message fails a dkim=all ADSP.

Jim,

What you write sounds great. Unfortunately, I have no idea what its software or operations impact could or should be. This isn't about being a fatalist; it is about protocol semantics and whether non-participating intermediaries experience a failure that is not their fault.

If we are to assert conclusions of operational effect or non-effect, we need to be very careful that it is based on reasonable methodology. That you are not (yet) experiencing a problem by publishing an =all doesn't mean much if, for example, virtually no receivers are looking for an ADSP record and/or virtually no receivers are making handling decisions based on ADSP records.

Before you report your personal experiences, could you include data about the receivers, please?

>> To claim that one signs all mail is to imply that anyone receiving mail
>> from them should see a valid signature.
>
> Hardly. I thought that it was you that was making the point all this time
> that all SSP/ADSP could do is describe the sender's practices, and could not
> imply receipt of a valid signature.

Imply is different from dictate.

What is the point of signing? What is the point of publishing an ADSP record? If there is no expectation that it will have some effect at the receiver, then what really is the point of all this work?

If there is expectation that an ADSP record will have some impact at a receiver, then there needs to be some expectation that the impact will be upon messages that have an ADSP record but do not have a valid DKIM signature of the type ADSP promises.

>> Mail sent through list servers invites the problem of receivers getting
>> mail that does not have the promised valid signature, since intermediaries
>> are re-posting the message and are free to make whatever changes they see
>> fit.
>>
>> Hence, saying -all for mail that goes through intermediaries which might
>> affect the signature is inviting receivers to treat the received mail with
>> hostile prejudice.
>
> Depends on what "hostile prejudice" means. If it means using other filtering
> measures more rigorously, I'm fine with that.

Publishing ADSP is a proactive step. Failing an ADSP test is different from failing to validate a signature. It therefore is reasonable to expect that the first failure will have a different effect from the second. In this case, "different" seems most likely to mean "worse".

d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
