On Oct 31, 2008, at 7:38 AM, Peter P. Benac wrote:
> Hector,
>
> Have you ever considered that the "laissez-faire dropping of mail
> by operators" as you put it, is done to thwart spammers and email
> miners? My system spends a great deal of time sending email to
> addresses that do not exist to tell them the system rejected their
> email. Worse, it sends email to people whose addresses have been
> spoofed telling them I rejected email they never sent. My
> postmaster account is full of rejects of my rejects.
>
> The whole idea of DKIM is to make email more reliable. If I have
> my DKIM set to discardable I really don't want to have to process
> email telling me that some spoofer's email was discarded. Why
> should my resources be used for such a purpose when I didn't send
> the original in the first place?
>
> I don't condone the practice of just dropping the mail, but
> sometimes "standards" need to catch up with reality.

Peter,

If the recipient of a message from a domain that publishes a record
that reliably causes invalid messages to be rejected, and where
recipients also comply then with RFC 5321 section 3.6.3 Message
Submission Servers as Relays, or section 4.5.5 Messages with a Null
Reverse-Path, there should be little difficulty in detecting
fraudulent messages. When the ultimate delivery of fraudulent
messages is controlled, there should be much less incentive to issue
these messages. There is no reason not to conform with the advice
of RFC 5321 section 6.2 Unwanted, Unsolicited, and "Attack" Messages
and to issue DSNs per section 4.5.5 per DKIM compliance failures.

In the case of ADSP, ADSP needs to catch up to reality. There is no
reason to encourage the silent discard of messages, as you have
understood "discardable" to mean. Since ADSP protections are likely
to be used for commerce related activity, reliability of the
transaction remains essential.

As a side note, applications such as MailMan issue error notifications
that do not follow RFC 5321 section 4.5.5. Here "catching up" to
the specifications is desperately required.

Those that follow RFC 5321's advice should soon find their MTAs are
not as heavily abused. Bad actors are becoming better at determining
where email is accepted prior to vetting, and where messages are
rejected with the original content "as if" originating from the system
rejecting the message. It seems unlikely ADSP will prevent
problematic applications from continuing to be problematic. However,
silently discarding messages, as you appear to recommend, is sure to
mean email will soon become far less reliable. Unlike SPF's "+all"
recommendations likely acted upon within an SMTP session, it is more
common to find DKIM signature validation happens after acceptance for
delivery and even after other vetting efforts. Using the term
"discardable" represents a significant mistake, based upon your
interpretation that even follows John Levine's somewhat muddled
clarifications. :(

-Doug
_______________________________________________
dkim-ops mailing list