Jim Fenton wrote:
Interesting thoughts...comments inline.
Tim Draegen wrote:
- My largest customers will not deploy DKIM verification if it
requires making a DNS query (or two) for every single non-signed
email that they receive. Even if it makes no real-world difference,
some people just won't do it.
I don't understand this. Many people routinely do reverse DNS lookups
on the IP address from which messages are received, SPF checks (which
can be several lookups), and so forth. Why the sensitivity to
additional, potentially well-cached lookups?
I think that the interesting meta issue here is that DKIM verification
does not require this; SSP requires this. I hope that there isn't
confusion about that because the two really are severable.
- I do not need SSP to arrive at a 'good verification' conclusion.
Since all I care about is a 'good' result, SSP doesn't add enough
value to warrant the MUST language that currently exists wrt
verifiers querying for policy.
There's a lot of question how much "teeth" these requirements on the
verifier have. We used the stronger wording to encourage "compliant"
implementations to do SSP, because a lot of the reason for publishing
SSP goes away if it is going to be ignored. But I expect that it will
be up to the individual customer's choice, just as it's possible to turn
certain classes of checks on and off in SpamAssassin.
Again, we need to separate out the two protocols. We have to have MUST
requirements for the SSP protocol, but there isn't a MUST USE SSP
requirement for any given DKIM verifier.
Mike
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html