ietf-dkim

Re: [ietf-dkim] New Version Notification for draft-levine-dbr-00(fwd)

2010-06-24 10:25:30
On 06/24/2010 07:49 AM, John Levine wrote:
  Are you making the assumption that all third party lists would be equally
credible?  That's no more likely than all DNSBLs being equally credible.

In both cases, the good ones will make sure their data is correct,
maybe by backchannels to the underlying providers (see the Spamhaus PBL
for an example of that) or by some kind of feedback watching the mail
they make assertions about.  The bad ones won't do that, and won't be
useful.  (See any number of useless poorly run DNSBLs for an example
of that.)

Any service that doesn't have an *explicit* guarantee from the mail
domain itself that it signs all mail is worse than incompetent,
it's harmful. A third party can *never* prove the negative that the
domain in question doesn't have sources of unsigned mail that they
don't want discarded. The domain in question without a thorough
audit probably doesn't have a clue itself if it's even vaguely
largeish.

So why does a domain that performs that painful audit and
remediation need to then tell John's drop list that it's OK to
drop unsigned mail? It doesn't. It can just publish an ADSP
record and be done with it. No need to count on some unreliable,
unaccountable point of failure to mediate their business.

Mike
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
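
An added example, not part of the original message or of any draft discussed in it: a sketch of how a receiver could act on the ADSP record (RFC 5617) that a domain publishes itself, with no third-party list involved. The function names and result labels are assumptions made for illustration, and the TXT strings are constructed inputs passed in directly instead of being fetched from DNS.

```python
import re

# ADSP (RFC 5617) is published by the author domain itself as a TXT record
# at _adsp._domainkey.<author domain>.
ADSP_VALUES = {"unknown", "all", "discardable"}


def adsp_name(author_domain):
    """DNS name where the author domain's ADSP record would be queried."""
    return "_adsp._domainkey." + author_domain.lower().rstrip(".")


def parse_adsp(txt):
    """Return the signing practice from a TXT string, or None if not ADSP."""
    # The record must start with lowercase "dkim", optional whitespace, "=".
    m = re.match(r"dkim[ \t]*=[ \t]*([^; \t]*)", txt)
    if not m:
        return None
    value = m.group(1).lower()
    # Values the verifier does not recognise are treated as "unknown".
    return value if value in ADSP_VALUES else "unknown"


def evaluate(author_domain, signing_domains, txt_records):
    """Apply the domain's own published practice to one message.

    signing_domains: d= values of DKIM signatures that verified.
    txt_records: TXT strings found at adsp_name(author_domain).
    Result labels ("pass", "no-policy", ...) are hypothetical names.
    """
    if author_domain.lower() in {d.lower() for d in signing_domains}:
        return "pass"  # an author domain signature is present
    practices = [p for p in map(parse_adsp, txt_records) if p]
    if len(practices) != 1:
        # Simplification: no record, or several, means nothing to act on.
        return "no-policy"
    outcome = {"unknown": "no-policy", "all": "suspicious",
               "discardable": "discard"}
    return outcome[practices[0]]


if __name__ == "__main__":
    # Constructed sample: unsigned mail claiming to be from example.com.
    print(adsp_name("example.com"))
    print(evaluate("example.com", [], ["dkim=discardable"]))
```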
