On Feb 21, 2006, at 9:47 PM, SM wrote:
At 11:00 20-02-2006, Douglas Otis wrote:
What action is expected of the email-address domain owner when
making the report?
It is to take whatever corrective action the person deems it
necessary.
While the signing-domain can take effective actions, please attempt
to list the actions the email-address domain owner may take?
Consider the effect of only having report vectors referenced from the
email-address domain, rather than the signing-domain who is able to
take effective action to correct a full range of problems that might
be reported. Report references from the email-address domain
unfortunately invites abuse reports when publishing open-ended
policies. When the email-address domain owner publishes an open-
ended policy, the likely corrective action would be to remove the
report tag. So how does a signing-domain that also has an open-ended
policy safely offer a report vector? They can't. So how does a
email-address domain owner with an open-ended policy safely offer a
report vector. They can't either.
A report vector acquired from the signing-domain would concern _only_
messages they have signed, and not messages that happen to contain an
email-address within their domain. For domains where use of their
email-address is critical, they will exclusively sign their own
messages, which makes obtaining the report vector from the signing-
domain an equivalent outcome. Having a report vector acquired from a
signing-domain reference is the _only_ safe and reasonable means to
provide this reporting feature and still permit open-ended policies.
-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html