John Levine wrote:
that leads me to suspect that maybe Yahoo is really officially
carrying BellSouth customers' email.
Yes, Yahoo handles much if not all of the mail for AT&T's ISP subsidiaries.
The problem is that bellsouth.net has no selector named s1024. However,
yahoo.com does:
Right. It's a bug at Yahoo's end.
But it's also a bug at your end, since the DKIM spec is quite clear
that a signature that can't be verified is equivalent to no signature.
Clear or not, this semantic will never make sense and will continue to
be a source of confusing. I suspect this to be a continued problem
since DKIM lacks proper failure analysis and handling. Regardless of
what is written, explicit DKIM Failure does not properly relate to no
signature ever existed. That semantic applied very well when SSP
(POLICY) existed and it assisted with an enforcement of a proper
signing requirement, 1st or 3rd party. Lacking policy or any other
kind of "helper" logic, it becomes very difficult to just accept this
Fail=No Signing concept. No one should be surprise its continues to be
a thorn. The fact that yahoo has taken over many domains from AT&T,
makes the issue very sensitive for many receivers who are already very
leary of the bulk bad mail purportedly from these large ISP domains.
--
Sincerely
Hector Santos
http://www.santronics.com
_______________________________________________
dkim-ops mailing list
dkim-ops(_at_)mipassoc(_dot_)org
http://mipassoc.org/mailman/listinfo/dkim-ops