dkim-ops

Re: [dkim-ops] Q: "dkim=discardable"

2008-10-30 12:05:14


-----Original Message-----
From: dkim-ops-bounces(_at_)mipassoc(_dot_)org
[mailto:dkim-ops-bounces(_at_)mipassoc(_dot_)org]
On Behalf Of John R Levine
Sent: Thursday, October 30, 2008 10:13 AM
To: Byung-Hee HWANG
Cc: dkim-ops(_at_)mipassoc(_dot_)org
Subject: Re: [dkim-ops] Q: "dkim=discardable"

In the Author Domain Signing Practices (ADSP) specification, I'm just
wondering about the "dkim=discardable" rule. It seems like SPF's "fail".
So I think that's the most powerful policy to keep DKIM's philosophy
than the others. Do I understand correctly about "dkim=discardable"?

Not really.  If you use the "discardable" setting, you are telling
people that your mail is not very important, so they should discard it
without reading it if it doesn't have a valid signature.

I think most of the likely candidate domains for using "discardable"
would disagree with your assertion John. It is not that the domain
owner/administrator feels their mail "is not very important". It is that
the domain owner has taken significant steps to identify that all of the
email they send is properly signed and that due to a significant risk of
abuse of their domain by phishing, malware Trojans, etc, they recommend
discarding email that does not properly validate. This is a far cry from
asserting their mail is not very important.

This means that if you send mail through a mailing list, or any other
path that happens to make minor changes to messages that break the
signature, people won't see it.


Banks, PayPal and other organizations that are likely candidates to use
"discardable" don't "happen" to send transactional or account mail
through a public mailing list that forwards email. Next example?

For example, your message to which I am responding would have a broken
signature due to the tag that the list added to the subject line.  If I
were using ADSP, I would have discarded your mail without reading it.
That is probably not what you want.

The number of domains that should use discardable is very small.  It's
really only useful for banks and places like PayPal sending out notices
about accounts, not for any domain with individual users.

dig +short _adsp._domainkey.izb.knu.ac.kr. TXT
"dkim=discardable\;"

This message has a minor syntax error.  There should not be a \
character before the semicolon.


This is a different issue. If the person got their MX or A record wrong
they would have major issues. There has to be a presumption that an
organization (or individual) that takes certain steps is going to:

a) configure their records correctly and;
b) test and monitor what they are doing over time or;
c) accept that not doing so may lead to sub-optimal outcomes for
themselves and the people they deal with.

Mike



Regards,
John Levine, johnl(_at_)taugh(_dot_)com, Taughannock Networks, Trumansburg NY
"I dropped the toothpaste", said Tom, crestfallenly.
_______________________________________________
dkim-ops mailing list
dkim-ops(_at_)mipassoc(_dot_)org
http://mipassoc.org/mailman/listinfo/dkim-ops
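
The two points argued in this message, the stray backslash in the record and what "discardable" means for mail whose signature breaks in transit, can be checked with a small script. This is an added example, not code from the thread or from any DKIM project; the function names and action labels are illustrative, and it assumes the string passed in is the TXT record text exactly as published.

```python
import re

# Values the ADSP specification names for the "dkim" tag.
PRACTICES = {"unknown", "all", "discardable"}
# Extension values: letters, digits and hyphens, starting with a letter.
WORD = re.compile(r"[A-Za-z](?:[A-Za-z0-9-]*[A-Za-z0-9])?\Z")


def parse_adsp(txt):
    """Return (practice, problems) for one _adsp._domainkey TXT string.

    practice is None when the record is unusable; this example then
    behaves as if no ADSP record were published (an assumption).
    """
    problems = []
    if "\\" in txt:
        problems.append("backslash in record text")
    tags = [t.strip() for t in txt.split(";")]
    if tags and tags[-1] == "":
        tags.pop()  # a trailing semicolon is allowed
    if not tags or "=" not in tags[0]:
        return None, problems + ["no tag=value pair"]
    name, value = (part.strip() for part in tags[0].split("=", 1))
    if name != "dkim":
        return None, problems + ["record does not start with dkim="]
    if not WORD.match(value):
        return None, problems + ["invalid dkim value %r" % value]
    if value not in PRACTICES:
        problems.append("unrecognised value %r, treated as unknown" % value)
        value = "unknown"
    return value, problems


def receiver_action(practice, author_signature_valid):
    """Illustrative handling of one message by an ADSP-aware receiver."""
    if author_signature_valid or practice in (None, "unknown"):
        return "normal handling"
    if practice == "all":
        return "treat as suspicious"
    return "discard"  # practice == "discardable"


if __name__ == "__main__":
    # Constructed inputs: the record text quoted in the thread, and a clean one.
    for record in ("dkim=discardable\\;", "dkim=discardable;"):
        practice, problems = parse_adsp(record)
        # False models a signature broken in transit, e.g. by a list subject tag.
        print(record, practice, problems, receiver_action(practice, False))
```

With the backslash the record never yields "discardable", so the publishing domain gets none of the protection it intended; monitoring the published record with a check like this is the kind of testing point (b) above refers to.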
