On 04/29/2010 11:17 AM, Powers, Jot wrote:
On 4/29/10 11:12 AM, "Michael Thomas"<mike(_at_)mtcc(_dot_)com> scribbled:
With respect to DKIM, anybody who filters based on broken signatures without
any (or little) other input pretty much deserves the false positive rate
they're complaining about.
Ok. I think we (PayPal) are on the same page. We recognized that
DomainKeys with "o=-" and DKIM without "t=y" and ADSP with
"dkim=discardable" is likely to have some collateral damage. We
work to minimize it but believe the value in preventing phish
is worth that cost.
Not like email has ever been guaranteed delivery. ;)
Ok, I just looked at you ADSP record which I have a lot more familiarity.
I'd say that yes, your ADSP record is misconfigured if you expect your
messages to survive through mailing lists. discardable is a very
restrictive policy which is appropriate for transactional mail, etc,
that you really don't care if it gets thrown away if somebody (like
a mailing list) breaks the signature.
What I'd advise is something like put all of your transactional mail
in a subdomain and set it to "discardable", but don't do that to all
your corpro users. There are other ways to go about this, but I'd say
that you're playing with fire lumping all your stuff together as it
appears that you're doing now.
Or you can just do what a lot of people do which is to tell users of
external lists not to post from their corpro accounts :)
Mike
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html