Ian Eiloart wrote:
> --On 13 October 2009 09:32:20 -0700 "Murray S. Kucherawy"
> <msk(_at_)cloudmark(_dot_)com> wrote:
>> -----Original Message-----
>> Another data point: Google Mail won't use ADSP because they will not
>> discard someone's mail outright without a written agreement from the
>> sending domain agreeing to same, absolving them of responsibility for
>> mail that never arrives.
>
> You mean that they won't publish ADSP records? Or that they won't respect
> any ADSP records? Or that they won't discard "discardable" messages?
> Logically, none of these things follow. Publishing ADSP records doesn't
> mean that Google will discard anything, though it does grant permission for
> others to do so. They have lots of other things that they can do as a
> result of ADSP fails. Presumably, they'd be more aggressive with
> quarantining mail if there's an ADSP record that renders a specific email
> discardable. Heck, they could even argue that publication of
> "dkim=discardable" does absolve them.

+1 and that is a very critical point for product engineers especially
when there are new legal terms like "domain responsibility" peppered
throughout the documents. This is just asking for trouble one way or
another. That alone can scare people away (raises the barrier to
adoption).
POLICY provides indemnification for receivers with a clear DOMAIN
publication for its expectation for signatures.
ADSP also provides a newly IETF sanctioned and officially authorized
protocol mechanism for silent discarding of accepted mail without
notifications. And it's not a coincidence, the new 2009 RFC 5321 for
SMTP did finally recognize the backscatter industry problem and added
a provision that allows for reasonable discarding of mail due to
abuse. ADSP provides that reasonable classification.
That said....
I can understand a RECEIVER not supporting RFC 5617. The idea here
is that there is a final deposition. It is not pushing mail back into the mail
stream. Passthru systems are traditionally not expected not to alter
mail (there is legal case history here) with the exception of adding
network control lines (trace headers).
Regardless of what ADSP is supposed to mean, the issue is forwarders,
relays, intermediary (re)signer ignorance for ADSP domains,
effectively pushing DKIM/ADSP violating transactions back into the
network mail stream and thus causing downlink consequences.
In effect, ADSP (LEVINE) is saying:
This is possibly useful for MDA to use.
But MTA (intermediary signers) can ignore it.
I don't think that is sound engineering.
--
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
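
The point debated above, that a published "dkim=discardable" grants permission to discard without obliging a receiver to do so, is shown in the following added example, which is not part of the thread or of any participant's code. It parses an RFC 5617 ADSP record and maps the result to a receiver disposition; the `discard_allowed` switch and the disposition names are hypothetical local-policy choices, and the sample domains are constructed.

```python
from enum import Enum

class Practice(Enum):
    UNKNOWN = "unknown"
    ALL = "all"
    DISCARDABLE = "discardable"

def parse_adsp(txt):
    """Parse the TXT record published at _adsp._domainkey.<author-domain>.

    RFC 5617 requires the record to start with the "dkim" tag. A missing
    record, a malformed record, or an unrecognized value is treated as
    "unknown", so a parsing doubt never escalates the disposition.
    """
    if not txt or not txt.startswith("dkim"):
        return Practice.UNKNOWN
    name, sep, value = txt.split(";", 1)[0].partition("=")
    if not sep or name.strip() != "dkim":
        return Practice.UNKNOWN
    try:
        return Practice(value.strip())
    except ValueError:
        return Practice.UNKNOWN

def has_author_signature(author_domain, valid_sig_domains):
    """True if a *validated* DKIM signature has d= equal to the From: domain."""
    return author_domain.lower() in {d.lower() for d in valid_sig_domains}

def disposition(author_domain, valid_sig_domains, adsp_txt, discard_allowed=False):
    """Return 'accept', 'flag', 'quarantine' or 'discard' (hypothetical names).

    discard_allowed is a hypothetical local-policy switch: a receiver that
    will not silently drop mail can leave it False and quarantine instead.
    """
    if has_author_signature(author_domain, valid_sig_domains):
        return "accept"                      # ADSP is satisfied
    practice = parse_adsp(adsp_txt)
    if practice is Practice.UNKNOWN:
        return "accept"                      # no stated practice to enforce
    if practice is Practice.ALL:
        return "flag"                        # suspicious, but no discard request
    # "discardable": the domain permits discarding; the receiver still chooses.
    return "discard" if discard_allowed else "quarantine"

# Constructed sample: mail re-signed by a list, author signature broken in transit.
if __name__ == "__main__":
    print(disposition("example.com", ["lists.example.net"], "dkim=discardable"))
```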