Dave Crocker wrote:
Bill(_dot_)Oxley(_at_)cox(_dot_)com wrote:
A better question is how many domains will move signing into production
without the testing flag, then fix the inevitable issues.
Given that most protocols do not have a 'testing' flag -- and they
manage to move into production quite nicely -- a different question
might be why such a flag is needed...
Good question Dave.
My input that is ok to have it but only as a "advertise" that the domain
is testing for possibly for logging or reporting.
My recommendation is that the verifier should continue to treat the DKIM
transaction following the other DKIM/SSP recommendations. Essentially,
the verifier SHOULD ignore t=y for any kind of decision making process.
It should not become FAIL-SAFE option without limits.
I think the exception is some pre-arrange whitelisting concept or domain
to domain arrangement where the verifier is well aware of the domain
testing and will not negatively flag a failed t=y for this domain.
--
Sincerely
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html