Arvel Hathcock wrote:
Hi all!
I can easily see how the new "handling" tag might be perceived as
backward progress on what's been an important theme for a while: the
notion that SSP should not dictate receiver action. Personally, I think
we've become a bit too sensitive on that front. Regardless, some text
at the start of the handling= section might serve to shorten the
microphone line at the next IETF - yeah right :P
How about this:
handling= Non-compliant message handling request (plain-text; OPTIONAL).
NON-NORMATIVE EXPLANATION: Sender Signing Practices is not
attempting to control or determine what recipients do with the email
messages they receive. However, Sender Signing Practices is attempting
to provide receivers with information from domain owners about what
their wishes are with respect to messages purportedly sent by them. With
this information in hand it is believed that receivers will be better
equipped to make the decisions that seem best to them while at the same
time allowing senders to offer input into that decision making process.
The "handling" tag is designed to offer input from senders and is not
intended to rigidly control receiver behavior.
My view about this is about worth, the pay off. I have yet to see any
practical incentive nor legitimate reason to A) sign mail, and b) even
bother with the overhead to check for incoming DKIM messages.
SSP is or should be about domain 'intent', not wishes. It describes the
mail attributes and policy of the domain, and if the DOMAIN indicates as
night and day, his mail colors are blue, but the receiver is seeing
green, then something is not kolser. The receiver does not want to DO
anything that is going to harm legitimate DKIM domains. It can't do
anything about NON-DKIM domains. But it can do something about the
ABUSE by illegitimate DKIM domain usage.
What is done is called the PAY OFF and I am fairly confident HV domains
who will even bother with this stuff are going to want something domain
with the abuse of their domain mail. If they don't want anything done,
then there is no point. If the domain doesn't care, why should the
receiver care to bother checking for DKIM legitimacy?
No payoff, no worth to the domain and no worth to the receiver.
--
Sincerely
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html