ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] How to reconcile passive vs active?

2006-08-07 13:37:08
On 8/7/06, Hallam-Baker, Phillip <pbaker(_at_)verisign(_dot_)com> wrote:
> [mailto:ietf-dkim-bounces(_at_)mipassoc(_dot_)org] On Behalf Of Damon

> Here is the scenario:
>
> My CEO calls me and says, "I sent an email to the SEC and
> they never got it!"
> - I tell him to hang on whilst I check the logs (and I finish
> my bagel) ... "We are showing a successful delivery. I will
> get hold of the postmaster at the SEC an figure it out."
> So I spend half a day trying to get the right schmuck on the
> phone and another half a day trying to convey the urgency.

OK so sounds to me like what you are saying is that to turn on strong policy 
rejection you need to also turn on some sort of reporting mechanism when 
exceptions occur.

In this scenario, I don't know an exception occured. Only the receiver does.
(Note: I don't know the postmaster at the SEC but I am sure that
he/she is not a schmuck)


The scenario you describe here is premised on the idea that it's a one strike 
policy and that being incorrectly identified as spam is not a problem.

I don't know what their policy will be. All I know is that I told them
via my policy that I sign all mail.


This type of problem is inevitable at some level without feedback regardless of 
whether you have policy or not.

'I sign all' is not the same as 'Reject without a signature'.

This is my sticking point to "I sign all"- If it is bad, and you are
going to let it pass anyway, why have it? For those like eBay and
others, I think they would implement this in the hope that the
receiver would reject it.

'I sign all' plus 'I am a bank targetted by phishing' may well be a good reason 
for Comcast to decide that no signature means reject. That would not be a good 
policy for the SEC or the FDIC.

I am hoping that if we had to turn in our homework tomorrow, something
that defines this would be in the language describing "I sign all"


The sender says what they do and what they are. The receiver decides how to 
interpret that information. It must be very clear (a MUST) that I sign all is 
not the same as instructing the receiver to do an automatic reject. That is why 
I don't want to see anything that smacks of telling the receiver what to do.

Considering the people that would benefit from this the most would
most likely want the receiver to bit bucket the message... how would
you word this?



Regards,
Damon Sauer
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html