dkim-ops
[Top] [All Lists]

Re: [dkim-ops] BCP for authorizing third-parties ([...] was subdomain vs. cousin domain)

2010-09-14 08:55:35
Here is why a paper should be written (BCP or not, IETF or not)..

On Sep 13, 2010, at 6:08 PM, J.D. Falk wrote:
They say the former scenario where ESPs sign with their own domains is still 
more common, because in general ESPs are more authentication-savvy than their 
clients tend to be.  

Ah, a deployment decision driven primarily by ignorance... that's an 
opportunity for us to educate.

The ESP domain wasn't chosen because anyone thinks it's a better practice, 
however.  

Ah, even worse, a deployment decision that is not even considered a better 
decision, driven by ignorance.

It's because otherwise, they'd be sending unauthenticated mail

So these less sophisticated senders aren't acting as if they are aware of their 
options and they are defaulting to a deployment configuration simply because 
they don't understand or are not prepared to deploy the alternative.

-- and many in the ESP world fear disastrous deliverability consequences if 
they aren't fully buzzword-compliant.

If the ESP's are worried about the sophistication of their clients then they 
may not be on the front lines trying to educate their clients of this key 
management alternative that more sophisticated senders are deploying.

So, I don't want to argue over whether or not this group (or IETF DKIM) should 
publish a BCP around this, I just want to find out sooner than later whether or 
not their is a rough consensus to pursue it here or not (then I'll know what I 
have to do next).

-- Brett
_______________________________________________
dkim-ops mailing list
dkim-ops(_at_)mipassoc(_dot_)org
http://mipassoc.org/mailman/listinfo/dkim-ops

<Prev in Thread] Current Thread [Next in Thread>