
[ietf-dkim] SSP and mailing lists

2006-09-11 12:04:31
Some here have proposed adding a clause statement to the
standard all-signed policy that waters it down to effectively
mean that receivers might get valid messages damaged by
gateways, and adds a new policy that says a domain guarantees
its addresses will not go through non-compliant gateways.

The standard policy becomes too weak.  It doesn't mean anything
besides "please accept mail that looks like it might be from us."
It means the domain remains unprotected.

And who could set the stricter policy?  The odd bank or tightly run
corporate entity maybe.  Who could not?  Universities, ISPs, email
address providers, technical corporations -- all these groups expect
their users to have some amount of freedom participating in mailing
lists.

So if the only way a domain can set a policy that permits* recipients
to drop unsigned or broken mail is to set a policy that it will
not use non-compliant mailing lists, then this is doomed to failure,
and I would go so far as to say that nobody would bother with DKIM
at all, because they couldn't use it to protect their domains.

One serious point about a policy such as the one described above is that
it seems to attempt to describe the transitional state of the entire
internet, rather than the transitional state of a particular site.  As
such, almost no one could have any other policy besides this until DKIM
acceptance approached 100%.

Maybe this is just a question of wording.  Perhaps everyone would be
satisfied with these two policies:

"I sign all email"

"I sign all email, and do NOT permit email through any body or
signature altering gateways"

Now this might accomplish what is desired, but it reads entirely
differently.  The first is still strong, not weakened as has been
suggested.  And they describe what the site does, not what the
internet is doing.  The second statement is very strong.  It
may be rarely used but I can see its utility.  It would probably
be more useful on a per-address basis than it would be on a
per-domain basis.

First, note that basically what this almost seems to be saying is that
the envelope-from must match the From: and/or DKIM address.

Second, note that this may only be useful in a policy-first environment.
In the current spec, the assumption is we never know the policy if we
have a valid key.  So without gutting and reworking that fundamental
concept (which might be a good thing), such a policy of more strict
email control is not really implementable.

So basically, I think that policy should be designed for the long
term steady state, and not designed primarily for a transition
period.  The implementors can take care of the transition.

       tom

* another spin on who is dictating versus recommending versus asking is
this:  an all-signed policy gives the sending domain's _blessing_ to
the receiver to drop the mail on the floor if it is not verifiable.
It doesn't say they have to do it, but it says that it is fine to
do that.
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html