ietf-dkim

Re: [ietf-dkim] A more fundamental SSP axiom

2006-08-04 15:39:03

----- Original Message -----
From: "Damon" <deepvoice(_at_)gmail(_dot_)com>
To: "Hector Santos" <hsantos(_at_)santronics(_dot_)com>


 4.7.  DSAP Tag: t=y

  The t=y tag is optional.  If defined, the domain is currently testing
  DKIM.  Verifiers SHOULD NOT treat testers any different from
  production mode signers.  It SHOULD NOT be used as a way to bypass a
  failed signature classification policies.  However, verifiers SHOULD
  track testers for over extended usage of test signatures and MAY
  consider using the results to provide feedback to the domain.

In other words, the testing flag will not be tolerated as well.


Whew Hector,

 I see what you are getting at but... have any idea how many domains I
am currently tracking for reputation?! How long would I have to keep
that data?
The bots would cause me to get Google-size boxes alone.
Reminds me of the time I suggested an "auto-expiring" DNS tag. That
went over like a lead balloon.

 Is there another way you could do this?

Well, the whole idea for testing is a migration concept, which implies that a
system exposing an attribute saying that it is "testing" should be a
time-limited operation.

The idea of saying "Look buddy, pardon my mistakes but I am testing so
please don't reject my errors"  is inherently risky to allow indefinitely.

I suggest a time limit concept for implementations as I suggested the same
with SPF to modify the Migration write up to include a default expiration
concept for migration.  I left it open ended but cited examples of 3, 6
months.  This would be for verifiers to implement.  But you wanted to
document this for senders to understand that there is a LIMIT on testing.
See example below:

Back in MARID, I suggested how one could develop a business model on
reporting by charging systems to obtain feedback and I said this
facetiously, because if someone wants a report, they will have to pay for
any overhead involved.   The bad side is that this may be the cat's meow for
the Direct Marketing industry.  They will love to get as much feedback as
they can get. So they might pay a few pennies or whatever to get reports.

Example where Testing is abused:

Check out Microsoft's Callerid record - it is still under testing after two
years!!! <g>

V:\rfc\dkim>nslookup -query=txt _ep.microsoft.com

Non-authoritative answer:
_ep.microsoft.com       text =

    "<ep xmlns='http://ms.net/1' testing='true'><out><m>"
      "<mx/><a>213.199.128.160</a><a>213.199.128.145</a>
       <a>207.46.71.29</a>
       <a>194.121.59.20</a>
       <a>157.60.216.10</a><a>131.107.3.116</a>
       <a>131.107.3.117</a>
       <a>131.107.3.100</a>"
       "</m></out></ep>"

I guess some engineer at MS forgot to remove it. :-)

But this is what I am talking about where a testing flag should not be
tolerated.

--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com
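
Added example, not part of the original message or of any DKIM/DSAP implementation: one way a verifier could track how long a domain has been publishing t=y against a default time limit, keeping a single timestamp per testing domain. The "tag=value; tag=value" record syntax, the 90-day limit (the 3-month figure cited above) and the names parse_tags and FlagTracker are assumptions.

```python
from datetime import datetime, timedelta, timezone

TEST_LIMIT = timedelta(days=90)  # assumption: the 3-month example cited above


def parse_tags(record):
    """Parse an assumed 'tag=value; tag=value' policy record into a dict."""
    tags = {}
    for part in record.split(";"):
        name, sep, value = part.partition("=")
        if sep and name.strip():
            tags[name.strip().lower()] = value.strip().lower()
    return tags


class FlagTracker:
    """Remembers when each domain was first seen publishing t=y."""

    def __init__(self, limit=TEST_LIMIT):
        self.limit = limit
        self.first_seen = {}  # domain -> datetime of first t=y observation

    def observe(self, domain, record, now):
        """Classify a domain for tracking and feedback only.

        The result does not change how a failed signature is evaluated;
        testers are still verified like production signers.
        """
        domain = domain.lower().rstrip(".")
        if parse_tags(record).get("t") != "y":
            # Flag removed: forget the domain, so storage only ever holds
            # domains that are testing right now. A stricter verifier could
            # keep the timestamp so that toggling the flag does not restart
            # the clock.
            self.first_seen.pop(domain, None)
            return "production"
        started = self.first_seen.setdefault(domain, now)
        return "testing" if now - started <= self.limit else "testing-expired"

    def overdue(self, now):
        """Domains whose test period has run past the limit, for feedback."""
        return sorted(d for d, t in self.first_seen.items()
                      if now - t > self.limit)


if __name__ == "__main__":
    # Constructed sample: a domain that leaves t=y published for 200 days.
    tracker = FlagTracker()
    start = datetime(2006, 8, 4, tzinfo=timezone.utc)
    print(tracker.observe("example.com", "t=y", start))
    print(tracker.observe("example.com", "t=y", start + timedelta(days=200)))
    print(tracker.overdue(start + timedelta(days=200)))
```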


_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html