Damon wrote:
spammers were the first to jump on the SPF band-wagon and
made their domains SPF compliant. Some people pointed to this
as an SPF failure and asked themselves what the point was to
deploy it.
If spammers publish policies resulting in either PASS or FAIL,
and send MAIL FROM such domains, it's fine. If other domain
owners don't see the point now they'll see it later if their
domain is forged... <shrug /> They can also check out BATV
in constellations where that's possible - but that won't help
receivers flooded with alleged MAIL FROM that domain.
Hopefully this document does not raise the question "What is
the point of deployment?"
Of course it does. A DKIM SIGNED isn't the same as SPF PASS,
because the latter at least indicates that bounces won't hit
innocent bystanders, but otherwise spammers will try to get a
DKIM SIGNED like they try to get an SPF PASS.
If some folks then whine that DKIM is pointless because smart
spammers (try to) deploy it... <shrug /> The real question is
if legit senders and more important receivers deploy it - and
for what purpose, simplifying abuse reports isn't too exciting.
Frank
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html