My quick comments for anyone considering ADSP:
ADSP is great if 100% of the mail you send from your domain is actually
compliant with ADSP's strict definition of what an "author domain signature" is
(and "discardable" is fine if you don't mind losing mail that traverses mailing
lists). So that's really the starting point for anyone considering ADSP. But
the second step is to go out and get a feedback loop from some intermediaries
or mailbox providers. Without visibility into what is happening with your mail
after an authentication result is established, you are blind to your
deliverability (which is not healthy because your false-positive rates could
spike and you'd never know).
Some day ADSP will have to be "fixed" or "replaced" with something more useful
to a broader set of use cases, and more usable in terms of facilitating the
right kind of reporting/feedback loops. But that's a story for another day ;-)
In the meantime, we are getting utility from ADSP.
-- Brett
On Feb 13, 2011, at 9:42 PM, Jim Fenton wrote:
On 02/09/2011 07:25 AM, John Levine wrote:
However, I did not know about the _adsp_ record. I know that
dkim-filter will look for this.
i) Should I add one?
Unless your name is Paypal, please don't.
ADSP is debatably of some use for the elite group of senders whose
domains are widely forged, and whose recipients are likely to suffer a
significant loss if they're fooled by the forgeries. For the other
99.999% of senders, it's just a way to ensure that some of your real
mail is thrown away.
A dissenting opinion:
I have been using ADSP "dkim=all" for quite some time from this domain
and have had no indication that any of my mail has been dropped. Note
that my mail usage patterns are consistent with dkim=all (messages
always go through my MTA that does the signing), but I do send through
mailing lists such as this one that undoubtedly invalidate my DKIM
signature.
"dkim=discardable" is really intended for the domains John describes:
transactional domains like PayPal that (1) sign all their messages, (2)
don't generally send through mailing lists, etc. that invalidate their
signatures, and (3) would rather that a valid message be dropped than to
have a spoofed message make it through.
I'm not trying to kick off a new debate but thought that I should point
out that John's opinion isn't universally held.
-Jim
_______________________________________________
dkim-ops mailing list
dkim-ops(_at_)mipassoc(_dot_)org
http://mipassoc.org/mailman/listinfo/dkim-ops
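An added example, not part of the thread above: a sketch of how a receiver could map a message to a dkim-adsp result under RFC 5617, showing why mail whose signature is invalidated by a mailing list ends up as "fail" under dkim=all and "discard" under dkim=discardable. The function names and sample domains are hypothetical, the ADSP TXT record is passed in as a string instead of being looked up in DNS, and the NXDOMAIN check is omitted.

```python
# Added illustration (not from the thread): ADSP evaluation per RFC 5617.
# Function names and the example domains are constructed for this sketch.

VALID_POLICIES = {"unknown", "all", "discardable"}
RESULT_FOR_POLICY = {"unknown": "unknown", "all": "fail", "discardable": "discard"}


def parse_adsp_record(txt):
    """Return the dkim= policy from an _adsp._domainkey TXT string.

    Returns None when there is no usable record. The record must begin
    with the "dkim" tag; anything else is ignored. An unrecognised value
    is treated as "unknown".
    """
    if txt is None:
        return None
    first_tag = txt.split(";", 1)[0]
    name, sep, value = first_tag.partition("=")
    if not sep or name.strip() != "dkim":
        return None
    value = value.strip().lower()
    return value if value in VALID_POLICIES else "unknown"


def adsp_result(author_domain, valid_sig_domains, adsp_txt):
    """Map one message to a dkim-adsp result.

    author_domain:     domain of the From: address
    valid_sig_domains: d= values of the DKIM signatures that verified
    adsp_txt:          TXT record at _adsp._domainkey.<author_domain>, or None
    """
    author = author_domain.lower().rstrip(".")
    signers = {d.lower().rstrip(".") for d in valid_sig_domains}
    # Author domain signature: d= must equal the From: domain exactly.
    # A valid signature from a subdomain or from a list server does not count.
    if author in signers:
        return "pass"
    policy = parse_adsp_record(adsp_txt)
    if policy is None:
        return "none"
    return RESULT_FOR_POLICY[policy]


if __name__ == "__main__":
    # Constructed cases: direct delivery, then relay through a list that
    # broke the author's signature and added its own.
    print(adsp_result("example.com", ["example.com"], "dkim=all"))
    print(adsp_result("example.com", ["lists.example.net"], "dkim=all"))
    print(adsp_result("example.com", ["lists.example.net"], "dkim=discardable"))
```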