On 02/09/2011 07:25 AM, John Levine wrote:
However, I did not know about the _adsp_ record. I know that
dkim-filter will look for this.
i) Should I add one.
Unless your name is Paypal, please don't.
ADSP is debatably of some use for the elite group of senders whose
domains are widely forged, and whose recipients are likely to suffer a
significant loss if they're fooled by the forgeries. For the other
99.999% of senders, it's just a way to ensure that some of your real
mail is thrown away.
A dissenting opinion:
I have been using ADSP "dkim=all" for quite some time from this domain
and have had no indication that any of my mail has been dropped. Note
that my mail usage patterns are consistent with dkim=all (messages
always go through my MTA that does the signing), but I do send through
mailing lists such as this one that undoubtedly invalidate my DKIM
signature.
"dkim=discardable" is really intended for the domains John describes:
transactional domains like PayPal that (1) sign all their messages, (2)
don't generally send through mailing lists, etc. that invalidate their
signatures, and (3) would rather that a valid message be dropped than to
have a spoofed message make it through.
I'm not trying to kick off a new debate but thought that I should point
out that John's opinion isn't universally held.
-Jim
_______________________________________________
dkim-ops mailing list
dkim-ops(_at_)mipassoc(_dot_)org
http://mipassoc.org/mailman/listinfo/dkim-ops