* DKIM is a really well developed standard for signing email
Right, but emphasize that the granularity is a signing domain -- it is
not and cannot be a way to attribute mail to individual people.
* Combined with ADSP=discardable it can filter email at ISP gateways without
too much fear of unduely lost email
* BUT otherwise its useless in its current state.
I wouldn't say that. It's quite useful as is to recognize signed mail
from people you know. Paypal is the obvious example, their legit
volume is high enough to most places that it's worth whitelisting
their signed mail, which then lets you crank up the phish filters to
catch the unsigned fakes.
Be sure to tell them that ADSP is not useful, according to one of the
authors of the ADSP RFC. Rather than fooling around with with the
near zero S/N ratio of ADSP, whitelist people you know, perhaps put in
a few special cases to drop unsigned mail from phish targets like
Paypal and Amazon who sign all their mail. (Amazon still signs with
DK, but most filters can deal with that.)
If you're an ISP, signing your own mail is of limited value unless you
exchange a lot of mail with Yahoo and Google, which you probably
do. In that case it helps them to recognize your mail stream, and in
Yahoo's case send back FBL reports when people hit the spam button.
NOTE WELL: This list operates according to