-----Original Message-----
From: Douglas Otis [mailto:dotis(_at_)mail-abuse(_dot_)org]
Sent: Wednesday, September 29, 2010 6:03 PM
To: Murray S. Kucherawy
Cc: dkim-dev(_at_)mipassoc(_dot_)org; ietf-dkim(_at_)mipassoc(_dot_)org
Subject: Re: [ietf-dkim] Authorizing List Domains
While done with the best intentions, the dkim-mailinglists draft in
section 4.1 Author-Related Signing, recommendations should be
considered
a bad practice for domains being phished and making strict ADSP
assertions.
http://tools.ietf.org/html/draft-ietf-dkim-mailinglists-02#page-11
[...]
Although of course the chairs have final rule on this point, I suspect the
paragraph I've cited is the only one that covers a topic within our current
charter. None of the various ADSP-adjunct stuff is actually chartered material.
I'm confused. You say TPA allows fallback to other adopted
verification methods, but you also say it refers specifically to
DKIM/ADSP deliverability. I'm not clear on how both can be
simultaneously true.
SPF authorizations fail more often than DKIM signature validations, but
the percentages for either are not insignificant. As such, some
domains
would like path verifications to act as a fallback method whenever DKIM
signatures don't verify.
I would submit then that this work actually exceeds the scope of the DKIM WG.
It might more appropriately be pursued either in a new WG that has as its scope
all available authentication schemes, or as an individual submission.
Requiring additional header field compliance better ensures
different mail streams remain recognizable by recipients. Many
MUAs already display Sender,
Which ones? None that I've ever used do.
Perhaps you have not used Microsoft Outlook [...]
Actually, I'm writing this to you from Outlook.
_______________________________________________
dkim-dev mailing list
dkim-dev(_at_)mipassoc(_dot_)org
http://mipassoc.org/mailman/listinfo/dkim-dev