Steve Atkins wrote:
On Nov 9, 2007, at 7:46 AM, Dave Crocker wrote:
Bill(_dot_)Oxley(_at_)cox(_dot_)com wrote:
A better question is how many domains will move signing into production
without the testing flag, then fix the inevitable issues.
Given that most protocols do not have a 'testing' flag -- and they
manage to move into production quite nicely -- a different question
might be why such a flag is needed...
Particularly as the failure mode of DKIM is simply to treat the message
as unsigned - so DKIM failures will not, in any competently configured
system, affect SMTP interoperability adversely.
Competently? Oh brother. Any who.
I disagree.
All AVS operations worth their salt, is all about learning the bad guy
threats and once patterns are detected that the bad guy is bombarding
DKIM compliant servers with high rate of FAILED t=y transactions, it
will not be ignored.
Trust me. Although I am just one SMTP vendor like others here with a few
decades of practical experience in every market segment, who doesn't
need to guess at what will happen, without a shadow of a doubt, will add
such logic. I am confident other SMTP systems and operators will see the
light as well. t=y will be ignored if not restricted.
Why are you so adversely against fine tuning the definition of the t=y
option? What harm is there highlighting these real world concerns?
--
Sincerely
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html