ietf-dkim

Re: [ietf-dkim] Resigner Support of RFC 5617 (ADSP)

2009-10-11 14:57:41


Jim Fenton wrote:
I'm (obviously) not as much of a fatalist when it comes to using dkim=all. I
believe there are things that one can usefully do, such as to "raise the bar"
on content filtering, if a message fails a dkim=all ADSP.

Jim,

What you write sounds great.  Unfortunately, I have no idea what its software or
operations impact could or should be.

This isn't about being a fatalist; it is about protocol semantics and whether
non-participating intermediaries experience a failure that is not their fault.

If we are to assert conclusions of operational effect or non-effect, we need to 
be very careful that it is based on reasonable methodology. That you are not 
(yet) experiencing a problem by publishing an =all doesn't mean much if, for 
example, virtually no receivers are looking for an ADSP record and/or virtually 
no receivers are making handling decisions based on ADSP records.

Before you report your personal experiences, could you include data about the 
receivers, please?


To claim that one signs all mail is to imply that anyone receiving mail
from them should see a valid signature.


Hardly. I thought that it was you that was making the point all this time
that all SSP/ADSP could do is describe the sender's practices, and could not
imply receipt of a valid signature.

Imply is different from dictate.

What is the point of signing?  What is the point of publishing an ADSP record?
If there is no expectation that it will have some effect at the receiver, then
what really is the point of all this work?

If there is expectation that an ADSP record will have some impact at a
receiver, then there needs to be some expectation that the impact will be upon
messages that have an ADSP record but do not have a valid DKIM signature of the
type ADSP promises.


Mail sent through list servers invites the problem of receivers getting
mail that does not have the promised valid signature, since intermediaries
are re-posting the message and are free to make whatever changes they see
fit.

Hence, saying -all for mail that goes through intermediaries which might
affect the signature is inviting receivers to treat the received mail with
hostile prejudice.


Depends on what "hostile prejudice" means. If it means using other filtering
measures more rigorously, I'm fine with that.

Publishing ADSP is a proactive step.  Failing an ADSP test is different from 
failing to validate a signature.  It therefore is reasonable to expect that the 
first failure will have a different effect from the second.  In this case, 
"different" seems most likely to mean "worse".

d/
-- 

   Dave Crocker
   Brandenburg InternetWorking
   bbiw.net
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
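
The distinction drawn in the message above, between a signature that fails to validate and a message that fails an ADSP test, shown as a receiver-side classification in Python. This is an added example, not part of the original message or of any DKIM implementation; the domains, the (d=, verified) pairs and the result labels are constructed for illustration, and the record parser is simplified from RFC 5617.

```python
# Added example: receiver-side ADSP classification (simplified from RFC 5617).
# All domains, records and verification outcomes below are constructed samples.

def parse_adsp(txt):
    """Return the practice from an ADSP TXT record, or None if it has no dkim= tag.
    Simplified parser: RFC 5617 treats unrecognized dkim= values as 'unknown'."""
    for tag in (txt or "").split(";"):
        name, sep, value = tag.partition("=")
        if sep and name.strip().lower() == "dkim":
            value = value.strip().lower()
            return value if value in ("all", "discardable") else "unknown"
    return None

def classify(author_domain, adsp_txt, signatures):
    """signatures: (d= domain, verified?) pairs produced by a DKIM verifier.
    Returns a label chosen for this example; it says what was observed,
    not what the receiver should then do with the message."""
    author = author_domain.lower().rstrip(".")
    # Only a *valid* signature whose d= equals the author domain counts.
    if any(ok and d.lower().rstrip(".") == author for d, ok in signatures):
        return "author-signed"
    practice = parse_adsp(adsp_txt)
    if practice in ("all", "discardable"):
        return "adsp-" + practice + "-not-met"
    # No published promise: the receiver only knows the signature state.
    if any(not ok for _, ok in signatures):
        return "signature-invalid"
    return "no-author-signature"

# Constructed scenario: a list re-posts a message from example.com, changes it
# so the author's signature no longer verifies, and adds its own valid signature.
VIA_LIST = [("example.com", False), ("lists.example.net", True)]
DIRECT = [("example.com", True)]

def demo():
    return {
        "direct, dkim=all": classify("example.com", "dkim=all", DIRECT),
        "via list, dkim=all": classify("example.com", "dkim=all", VIA_LIST),
        "via list, dkim=unknown": classify("example.com", "dkim=unknown", VIA_LIST),
        "via list, no record": classify("example.com", None, VIA_LIST),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:24} -> {result}")
```

The same list-modified message is classified differently depending only on what the author domain published, even though the list's own signature verifies in every case.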
