ietf-dkim

RE: [ietf-dkim] How to reconcile passive vs active?

2006-08-07 13:28:20
[mailto:ietf-dkim-bounces(_at_)mipassoc(_dot_)org] On Behalf Of Damon

Here is the scenario:

My CEO calls me and says, "I sent an email to the SEC and 
they never got it!"
- I tell him to hang on whilst I check the logs (and I finish 
my bagel) ... "We are showing a successful delivery. I will 
get hold of the postmaster at the SEC and figure it out."
So I spend half a day trying to get the right schmuck on the 
phone and another half a day trying to convey the urgency. 

OK, so it sounds to me like what you are saying is that to turn on strong policy 
rejection you need to also turn on some sort of reporting mechanism when 
exceptions occur.

The scenario you describe here is premised on the idea that it’s a one strike 
policy and that being incorrectly identified as spam is not a problem.


This type of problem is inevitable at some level without feedback regardless of 
whether you have policy or not.

'I sign all' is not the same as 'Reject without a signature'.

'I sign all' plus 'I am a bank targeted by phishing' may well be a good reason 
for Comcast to decide that no signature means reject. That would not be a good 
policy for the SEC or the FDIC.


The sender says what they do and what they are. The receiver decides how to 
interpret that information. It must be very clear (a MUST) that 'I sign all' is 
not the same as instructing the receiver to do an automatic reject. That is why 
I don't want to see anything that smacks of telling the receiver what to do.



