John R. Levine wrote:
Really, reputation is about individual registrants and domains, and as we
all know, you don't need ADSP for people you already know something about.
John we all concur with you. we always have. But you continue to
ignore what others are saying; with no reputation information, no
dkim-signature d=thirdparty.com to base it on, the domain is at risk
for abuse in the same way its done today - legacy spoofed domain with
no attempt DKIMized it.
POLICY allows you to cover those security holes when the reputation is
indeterminate.
Of course, thats besides the fact that we have no reputation standard
to work with anyway and certainly not even a dozen or more if they
were available that everyone can use with equal results. Is that
going to change any time soon? Sound like a very very long wait.
--
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html