ietf-dkim

Re: [ietf-dkim] Handling the errata after the consensus call

2009-03-09 10:27:42
Comments in-line

-----Original Message-----
From: Suresh Ramasubramanian [mailto:ops(_dot_)lists(_at_)gmail(_dot_)com]
Sent: Sunday, March 08, 2009 8:59 PM
To: MH Michael Hammer (5304)
Cc: IETF-DKIM
Subject: Re: [ietf-dkim] Handling the errata after the consensus call

On Sun, Mar 8, 2009 at 8:58 PM, MH Michael Hammer (5304) <MHammer(_at_)ag(_dot_)com> wrote:
Suresh, notwithstanding what some vendors might wish in terms of
reputation, the case for ADSP is and always has been to leverage
DKIM to
be able to say "this domain signs all mail" in one way or another.

That seems like an overly complex, Rube Goldberg-ish way to indicate
it.  More like developing SPF, with your sole reason being to publish
"v=spf1 -all" indicating that a domain never sends email.


Please offer a better way of indicating that mail is always signed.

I think your analogy to SPF is not quite correct. The SPF record itself
includes the ability to make a strong assertion (a record that ends with
-all but is not solely -all) as well as a means of indicating that one
does not send mail from a particular domain (publish only -all). The
base DKIM spec does not provide a way to specify one signs all email.


And it is still not something I would trust without confirmation and
verification out of band (this, having noticed more than one wrong spf
declaration that if we'd bothered to check on in our mailserver, would
have resulted in lost mail)


That is your choice as a receiver. I'm not sympathetic to senders that
publish incorrect or broken SPF records just as I'm not sympathetic to
senders who publish incorrect DKIM records. This is no different than
someone publishing incorrect DNS records.

It may be that you as a receiver choose to require some other
confirmation and verification before you act on what a domain publishes.
That is your prerogative. On the other hand, one of the reasons I am a
strong proponent for both SPF and DKIM (+ADSP) is that it provides a way
to scale beyond one to one out of band correspondence between sender and
receiver.

Further, at least from my perspective, it is not something I would
bother to check for all but a few significant domains.


Again, different receivers will make different choices about what they
do. Isn't freedom of choice a grand thing?

Mike

_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
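The thread contrasts three published assertions: an SPF record that is solely "-all" (the domain sends no mail), an SPF record that lists permitted sources and ends in "-all" (a strong assertion), and an ADSP record saying the domain signs all its mail. The following Python is an added example, not code from either participant or from any IETF document; it classifies constructed record strings offline (the "dkim=" practice values "unknown", "all" and "discardable" are those defined in RFC 5617, and the 192.0.2.0/24 sample address range is a documentation range, not a real sender). As Mike notes, what a receiver does with the classification remains the receiver's choice.

```python
"""Classify what SPF and ADSP records assert about a sending domain.

Added example for the ietf-dkim thread above; all record strings used
here are constructed samples, not fetched from DNS.
"""

# Outbound signing practices defined by RFC 5617 for the "dkim=" tag.
ADSP_PRACTICES = {"unknown", "all", "discardable"}

# SPF term qualifiers; a term with no explicit qualifier defaults to "+".
SPF_QUALIFIERS = {"+", "-", "~", "?"}


def parse_spf(record):
    """Split an SPF TXT record into a list of (qualifier, term) pairs.

    Returns None when the string is not an SPF record at all (no v=spf1
    version tag), which a receiver should treat as "no policy published".
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return None
    parsed = []
    for term in terms[1:]:
        if term[0] in SPF_QUALIFIERS:
            parsed.append((term[0], term[1:].lower()))
        else:
            parsed.append(("+", term.lower()))
    return parsed


def classify_spf(record):
    """Summarise the assertion an SPF record makes.

    Possible results:
      "no-record"   - not an SPF record
      "never-sends" - the record is solely "-all": the domain sends no mail
      "strong"      - permitted sources are listed and the record ends in "-all"
      "soft"        - ends in "~all" or "?all": advisory only
      "redirect"    - policy is delegated via redirect=, not decided here
      "neutral"     - "+all" or no "all" term: no usable assertion
    """
    terms = parse_spf(record)
    if terms is None:
        return "no-record"
    # Modifiers (redirect=, exp=) carry "="; mechanisms do not.
    modifiers = [(q, t) for q, t in terms if "=" in t]
    mechanisms = [(q, t) for q, t in terms if "=" not in t]
    has_all = any(t == "all" for _, t in mechanisms)
    if not has_all and any(t.startswith("redirect=") for _, t in modifiers):
        return "redirect"
    if not mechanisms:
        return "neutral"
    qual, mech = mechanisms[-1]
    if mech != "all":
        return "neutral"
    if qual == "-":
        return "never-sends" if len(mechanisms) == 1 else "strong"
    if qual in ("~", "?"):
        return "soft"
    return "neutral"


def parse_adsp(record):
    """Return the "dkim=" practice from an ADSP record, or None.

    Unrecognised practice values return None here; this example makes
    that conservative choice so the caller cannot mistake a malformed
    record for a signing assertion.
    """
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip().lower()
    practice = tags.get("dkim")
    return practice if practice in ADSP_PRACTICES else None


def signs_all_mail(adsp_record):
    """True when the domain asserts that all its mail is DKIM-signed."""
    return parse_adsp(adsp_record) in ("all", "discardable")


def describe_sender_policy(spf_record, adsp_record):
    """Combine both assertions into one summary for a receiver's policy engine."""
    return {
        "spf": classify_spf(spf_record),
        "adsp": parse_adsp(adsp_record),
        "signs_all_mail": signs_all_mail(adsp_record),
    }


if __name__ == "__main__":
    # Constructed sample records illustrating the cases from the thread.
    print(describe_sender_policy("v=spf1 -all", "dkim=unknown"))
    print(describe_sender_policy("v=spf1 ip4:192.0.2.0/24 -all", "dkim=all"))
```

The receiver-side point from the thread survives in the output shape: describe_sender_policy only reports what the domain claims, and whether to require out-of-band confirmation before acting on that claim is left to the caller.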
