On 04/29/2010 11:17 AM, Powers, Jot wrote:
> On 4/29/10 11:12 AM, "Michael Thomas"<[email protected]> scribbled:
>
>> With respect to DKIM, anybody who filters based on broken signatures without
>> any (or little) other input pretty much deserves the false positive rate
>> they're complaining about.
>
> Ok. I think we (PayPal) are on the same page. We recognized that
> DomainKeys with "o=-" and DKIM without "t=y" and ADSP with
> "dkim=discardable" is likely to have some collateral damage. We
> work to minimize it but believe the value in preventing phish
> is worth that cost.
>
> Not like email has ever been guaranteed delivery. ;)

Ok, I just looked at your ADSP record, with which I have a lot more familiarity. I'd say that yes, your ADSP record is misconfigured if you expect your messages to survive through mailing lists. discardable is a very restrictive policy which is appropriate for transactional mail, etc, that you really don't care if it gets thrown away if somebody (like a mailing list) breaks the signature.

What I'd advise is something like put all of your transactional mail in a subdomain and set it to "discardable", but don't do that to all your corpro users. There are other ways to go about this, but I'd say that you're playing with fire lumping all your stuff together as it appears that you're doing now.

Or you can just do what a lot of people do which is to tell users of external lists not to post from their corpro accounts :)

Mike

_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
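
Added example, not part of the original message: a small Python model of how a receiver applying ADSP (RFC 5617) would treat mail from a "discardable" transactional subdomain versus a parent domain without that policy, once a mailing list has broken the signature. The domains, the record table and the result labels are constructed for illustration.

```python
# Constructed records standing in for TXT lookups at _adsp._domainkey.<domain>.
# example.com and billing.example.com are placeholder names (assumptions).
ADSP_RECORDS = {
    "_adsp._domainkey.billing.example.com": "dkim=discardable",
    "_adsp._domainkey.example.com": "dkim=unknown",
}

PRACTICES = ("unknown", "all", "discardable")


def parse_adsp(txt):
    """Return the dkim= practice from an ADSP record, 'unknown' if missing or invalid."""
    if not txt:
        return "unknown"
    for tag in txt.split(";"):
        name, _, value = tag.partition("=")
        if name.strip().lower() == "dkim":
            value = value.strip().lower()
            return value if value in PRACTICES else "unknown"
    return "unknown"


def adsp_result(author_domain, valid_signing_domains, records=ADSP_RECORDS):
    """Classify a message from its From: domain and the d= values of the
    DKIM signatures that verified at the receiver.

    The returned labels are this example's own, not RFC terminology.
    """
    author = author_domain.lower()
    # An Author Domain Signature is a valid signature whose d= equals the
    # domain in the From: address. A list's own signature does not count.
    if author in {d.lower() for d in valid_signing_domains}:
        return "pass"
    # ADSP looks up the author domain itself; a subdomain does not inherit
    # the parent's record, which is what makes the split workable.
    practice = parse_adsp(records.get("_adsp._domainkey." + author))
    return {"unknown": "no-policy", "all": "suspicious", "discardable": "discard"}[practice]


if __name__ == "__main__":
    # Direct delivery of transactional mail, signature intact.
    print(adsp_result("billing.example.com", ["billing.example.com"]))
    # Same domain relayed by a list that broke the signature and re-signed.
    print(adsp_result("billing.example.com", ["lists.example.org"]))
    # Staff mail from the parent domain, signature broken by the list.
    print(adsp_result("example.com", []))
```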
