ietf-dkim

Re: [ietf-dkim] discardable means discardable

2008-02-25 08:24:41
 


Also is there a qualification for asking a receiver to "discard" mail? 
Can only a heavily phished domain ask?  Can it be lightly 
phished? Is there a certain threshold of "phished" mail?  Or 
does DISCARDABLE also mean "No sorry. You are not suffering 
enough to have the right to ask me to discard mail." ???



Without intending to put words in John's mouth, I think what he meant is
that there is the risk of some legitimate email being lost if a receiver
respects a discardable assertion. In that respect, sending domains need
to consider carefully the implications of making a discardable
assertion. Something along the lines of "careful what you ask for
because you just might get it".

The other factor is that receiving domains are going to consider
complaints received by their users for undelivered email in their
calculation of whether to respect a discardable assertion. We all know
that there are quite a few domains that have implemented all manner of
things incorrectly, poorly or with a misunderstanding of the
consequences of their actions. Once there is more experience with
SSP/Discardable/etc on the part of senders and receivers, I expect this
to be less of a problem - or should I say "I hope".

Finally, it may be that domains use some sort of decision matrix
involving DKIM and a discardable assertion in the context of other
factors such as a strong SPF assertion. If a particular email fails SPF
AND fails DKIM they may discard it. On the other hand, if it passes SPF
but fails DKIM they may choose not to discard it. 

As a signing sender - even with some feedback from some receivers - I'm
still not in a position to give specific numbers with regard to broken
signatures from forwarding, etc. The numbers appear to be relatively
small but from the receiver domain perspective (with regard to
complaints), how small is small enough? While I'm an advocate of
discardable, I recognize that it isn't for everyone. I've said this all
along. I also recognize though that it is the receiver domain customer
support staff that are likely to hear (first) about undelivered emails. 

The receiver domain is likely to choose to balance the benefit from
listening to discardable assertions and the increase in support calls
that might result from any particular domain's discardable assertion. 

Just a few thoughts.

Mike

_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
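
The SPF/DKIM decision matrix described in the message above, written out as an added example; it is not part of the original post and not taken from any DKIM or SSP draft. It assumes the receiver has already recorded its SPF and DKIM verdicts in an Authentication-Results header and looked up the sender's discardable assertion separately. The disposition names, the author-domain match and the temperror handling are assumptions made for this sketch.

```python
import re

# Constructed Authentication-Results values for mail claiming a From: address
# at bank.example (hypothetical domain); none of this is from the thread.
SAMPLES = {
    "forged":     "mx.rcv.example; spf=fail smtp.mailfrom=bank.example; dkim=none",
    "broken_sig": "mx.rcv.example; spf=pass smtp.mailfrom=bank.example; "
                  "dkim=fail header.d=bank.example",
    "forwarded":  "mx.rcv.example; spf=fail smtp.mailfrom=bank.example; "
                  "dkim=pass header.d=bank.example",
    "list_only":  "mx.rcv.example; spf=pass smtp.mailfrom=list.example; "
                  "dkim=pass header.d=list.example",
    "dns_outage": "mx.rcv.example; spf=fail smtp.mailfrom=bank.example; "
                  "dkim=temperror header.d=bank.example",
}

def auth_results(header):
    """Return [(method, result, properties)] from an Authentication-Results value."""
    out = []
    for clause in header.split(";")[1:]:      # field 0 is the authserv-id
        m = re.match(r"\s*([\w-]+)=(\w+)(.*)", clause, re.S)
        if m:
            props = dict(re.findall(r"([\w.]+)=(\S+)", m.group(3)))
            out.append((m.group(1).lower(), m.group(2).lower(), props))
    return out

def disposition(header, author_domain, discardable):
    """Apply the matrix; returns 'deliver', 'review' or 'discard'."""
    results = auth_results(header)
    spf_pass = any(m == "spf" and r == "pass" for m, r, _ in results)
    dkim = [(r, p.get("header.d", "").lower()) for m, r, p in results if m == "dkim"]
    # Assumption: only a valid signature from the author's own domain counts.
    if ("pass", author_domain) in dkim or not discardable:
        return "deliver"
    # A transient key-lookup failure says nothing about the message: never discard on it.
    if spf_pass or any(r == "temperror" for r, _ in dkim):
        return "review"
    return "discard"    # fails SPF AND fails DKIM, and the domain asked for it

if __name__ == "__main__":
    for name, hdr in SAMPLES.items():
        print(f"{name:11} -> {disposition(hdr, 'bank.example', True)}")
```

The "forwarded" and "list_only" rows are the cases that drive the support-call concern: a forwarder that breaks SPF but preserves the signature still delivers, while a list that re-signs under its own domain does not satisfy the assertion and is only kept because SPF passed.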