On Mar 8, 2009, at 5:58 PM, Suresh Ramasubramanian wrote:
On Sun, Mar 8, 2009 at 8:58 PM, MH Michael Hammer (5304)
<MHammer(_at_)ag(_dot_)com
wrote:
Suresh, notwithstanding what some vendors might wish in terms of
reputation, the case for ADSP is and always has been to leverage
DKIM to
be able to say "this domain signs all mail" in one way or another.
That seems like an overly complex, rube goldbergish way to indicate
it. More like developing spf, with your sole reason being to publish
"v=spf1 -all" indicating that a domain never sends email.
And it is still not something I would trust without confirmation and
verification out of band (this, having noticed more than one wrong spf
declaration that if we'd bothered to check on in our mailserver, would
have resulted in lost mail)
Further, at least from my perspective, it is not something I would
bother to check for all but a few significant domains.
If you have a list of domains to check, you don't need any of the
ADSP infrastructure, just require valid DKIM signatures for any
mail coming from those domains on the list.
So any use case that uses a list (private or public) of domains
to apply the algorithm to is probably out of scope for ADSP.
Cheers,
Steve
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html