
Re: [ietf-dkim] A more fundamental SSP axiom

2006-08-04 14:09:40
In <44D36203(_dot_)2060803(_at_)mtcc(_dot_)com> Michael Thomas 
<mike(_at_)mtcc(_dot_)com> writes:

Part of the problem here is the past record of SPF with over-zealous
550 if there's any hint of bogosity. We, for example, would be
forced to take down a "we sign everything" policy if that were to
happen with DKIM -- even though we'll be signing everything pretty
soon.

Based on the past record with SPF, is there any reason to believe that
people won't treat "I sign some email" as the same as "I sign all
email" and reject email that does not have a valid first party
signature?  There are certainly lots of people who treat publishing
SPF records that end in NEUTRAL more harshly than not publishing SPF
records at all and this has caused at least one major ISP to remove
their SPF records.

(Yes, this is assuming DKIM reaches the same level of deployment that
SPF had back in early 2003.  There isn't much danger right now.)


      If there were a qualifier in the "I sign everything policy"
that specifically implies that "sending a 550 based on a missing DKIM
signature alone is extremely bone-headed" then maybe we can both.

This is somewhat along the lines of SPF's SOFTFAIL.  You will find
some people who reject based solely on seeing a SOFTFAIL and you will
find others claiming that SOFTFAIL is functionally equivalent to
NEUTRAL.


The current SSP has o=! t=y which could in a tortured way be
construed to have that semantic: "I sign everything, but hey I'm
testing so take it for what it's worth". If we have something more
formalized, then maybe we can accommodate these two pretty different
scenarios.

Expect people to ignore the t=y flag also.


Really, anyone who thinks that signing email with DKIM (or DK or IIM)
will not directly cause some of your valid, non-spam, email to be
rejected is fooling themselves.  Receivers are free to do whatever
they want with their servers, including extremely bone-head things.


Personally, I think there is some value in distinguishing between "I
sign everything and never send to mailing lists and other known
mungers", "I sign everything, but also send to known mungers", and "I
know I don't sign everything".


-wayne
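The "o=! t=y" semantic argued over above, as an added receiver-side example (not code from the thread or from any DKIM/SSP implementation): it parses the record and reports what a missing first-party signature alone justifies, so that the testing flag downgrades the result rather than being ignored. The tag separators and the meaning of any o= value other than "!" are assumptions.

```python
"""Added example, not from the thread: evaluate an SSP record such as
"o=! t=y" on the receiving side.

Assumptions (labelled, not taken from the message): tags are tag=value
pairs separated by whitespace or semicolons; o=! means "I sign
everything"; t=y means "testing". Any other o= value is treated as
"I sign some email", which is the conservative reading."""

from dataclasses import dataclass


@dataclass(frozen=True)
class SspPolicy:
    signs_everything: bool   # o=!  ("we sign everything")
    testing: bool            # t=y  ("take it for what it's worth")


def parse_ssp(record: str) -> SspPolicy:
    """Parse 'o=! t=y' or 'o=!; t=y' into an SspPolicy (assumed syntax)."""
    tags = {}
    for field in record.replace(";", " ").split():
        tag, _, value = field.partition("=")
        tags[tag.strip().lower()] = value.strip()
    return SspPolicy(
        signs_everything=tags.get("o") == "!",
        testing=tags.get("t", "").lower() == "y",
    )


def disposition(policy: SspPolicy, valid_first_party_sig: bool) -> str:
    """What the signature check alone supports, mirroring SPF's result names.

    Only "signs everything" without t=y makes a missing signature a policy
    violation; whether "fail" becomes a 550 is still the receiver's choice,
    and softfail/neutral are deliberately not reject reasons on their own.
    """
    if valid_first_party_sig:
        return "pass"
    if not policy.signs_everything:
        return "neutral"      # "I sign some email": absence says nothing
    if policy.testing:
        return "softfail"     # o=! t=y: record it, don't reject on it alone
    return "fail"             # o=! without t=y: a real policy violation
```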
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html