----- Original Message -----
From: "Michael Thomas" <mike(_at_)mtcc(_dot_)com>
To: "Steve Atkins" <steve(_at_)blighty(_dot_)com>
I think that a guiding principle that has served us well here
is that decisions about what to do with the information provided
to the receiver are strictly up to the local policy of the receiver.
Phrasing this as an information service rather than the signer trying
to tell a receiver what to do seems like a much more likely path to
success to me.
I think this is a +1.
In the final analysis, if a domain wants to have a signing policy which
allows for failure, it should not expect mail receivers to tolerate the
high potential for exploitation and abuse.
I can almost assure you with 100% certainty we will be using any new level of
non-legacy information (that we lacked before) made available, whether it's
DKIM today or the new mouse trap tomorrow, to provide stronger mail
filtering rules based on a new level of non-legacy operations.
So if the BAD GUY wants to avoid this new level of scrutiny, he will quickly
realize that his best recourse is to avoid DKIM domains because that puts him
back into the legacy mode considerations.
The DKIM domain with relaxed signing provision is only going to hurt its
own reputation, especially as the ratio of FAILURE/SUCCESS gets higher and
That's nothing new I am saying. We do this today with everything else that
is out there. We detect what we can and reject it. The problem has always
been about the legacy mail client. There are no strong rules to
control the abuse of legacy operations. But as soon as a DOMAIN begins or
MAIL comes in with purported DKIM markings, we are in a whole new world.
Hector Santos, Santronics Software, Inc.
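As an added illustration of the receiver-side stance argued in this thread (local policy decides; a signer's published policy is information only; a relaxed-policy domain's standing drops as its failure/success ratio climbs), here is a small Python model. It is example code written for this page, not code from either poster or from any DKIM implementation. The policy labels (`all-mail-signed`, `some-mail-signed`, `no-policy`), the message records and the 0.5 threshold are all constructed assumptions for the example.

```python
"""Receiver-side local policy over DKIM verification results.

Added example (not from the original thread): a toy receiver that keeps
per-domain DKIM success/failure counts and applies its own local rules
when mail arrives from a domain that publishes a relaxed (failure-tolerant)
signing policy.  Policy names, sample messages and thresholds are
constructed for illustration only.
"""
from collections import defaultdict
from dataclasses import dataclass

# Hypothetical signing-policy labels a receiver might learn about a domain.
STRICT = "all-mail-signed"     # domain claims every message it sends is signed
RELAXED = "some-mail-signed"   # domain tolerates unsigned/failed mail
NONE = "no-policy"             # legacy domain: no DKIM information at all


@dataclass
class Message:
    from_domain: str
    has_signature: bool
    signature_verifies: bool   # result of the receiver's own verification


class Reputation:
    """Per-domain running ratio of DKIM failures to all DKIM-relevant mail."""

    def __init__(self):
        self.ok = defaultdict(int)
        self.fail = defaultdict(int)

    def record(self, domain, verified):
        if verified:
            self.ok[domain] += 1
        else:
            self.fail[domain] += 1

    def failure_ratio(self, domain):
        total = self.ok[domain] + self.fail[domain]
        return 0.0 if total == 0 else self.fail[domain] / total


def local_policy(msg, published_policy, rep, max_failure_ratio=0.5):
    """Return the receiver's decision: 'accept', 'legacy' or 'reject'.

    The signer's policy is treated as information, never as an instruction;
    the decision is the receiver's.  'legacy' means there is no usable DKIM
    information, so fall back to whatever pre-DKIM filtering already exists.
    """
    if published_policy == NONE and not msg.has_signature:
        return "legacy"                     # nothing new to act on

    # Any domain that claims DKIM, or any signed message, feeds the ratio.
    rep.record(msg.from_domain, msg.has_signature and msg.signature_verifies)

    if msg.has_signature and msg.signature_verifies:
        return "accept"
    if published_policy == STRICT:
        return "reject"                     # domain said all mail is signed; this is not
    # Relaxed provision: tolerated until the domain's own failure ratio gets high.
    if rep.failure_ratio(msg.from_domain) > max_failure_ratio:
        return "reject"
    return "legacy"


def run_sample():
    """Drive the policy over a constructed message stream; returns decisions and state."""
    rep = Reputation()
    policies = {"strict.example": STRICT,
                "relaxed.example": RELAXED,
                "legacy.example": NONE}
    stream = [                                       # constructed sample records
        Message("legacy.example", False, False),     # no DKIM info: legacy path
        Message("strict.example", True, True),       # good signature: accept
        Message("strict.example", False, False),     # unsigned despite strict claim
        Message("relaxed.example", True, True),      # good signature: accept
        Message("relaxed.example", True, False),     # broken sig, ratio 1/2: tolerated
        Message("relaxed.example", False, False),    # unsigned, ratio 2/3: rejected
    ]
    decisions = [local_policy(m, policies[m.from_domain], rep) for m in stream]
    return decisions, rep


if __name__ == "__main__":
    decisions, rep = run_sample()
    for d in decisions:
        print(d)
    print("relaxed.example failure ratio:", round(rep.failure_ratio("relaxed.example"), 3))
```

The point of the model is the ordering of checks: a verified signature is accepted on its own merits, a strict domain's unsigned mail is refused because the domain itself said that cannot happen, and a relaxed domain buys tolerance only until its own failure ratio crosses the receiver's threshold, after which the "relaxed provision" has cost it exactly the reputation the thread predicts.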