If an organization doesn't understand the implications of publishing
ADSP (or doing anything else for that matter) then the basic damage
done is to themselves and their users. Their domain, their problem.
I think that if you talk to ISPs whose customers call and ask why they
didn't get the mail they were expecting, you will find that this
assertion is mistaken.
In practice, I expect that where a competent DbR and ADSP differ, the
DbR would say to ignore the ADSP, they say it's discardable but
they're wrong, not the other way around. Amazon is a fairly unusual
case, signing everything (as far as I can tell) but not making any
public assertions about it.
When random 3rd parties start publishing about domains that is a real
problem. If a random list publisher tells people to drop unsigned mail
by a particular domain - particularly in the absence of an ADSP record -
there is the possibility of them getting sued. This is a significantly
different case then something like SPAM and RBLs.
Sigh. I wish people would refrain from giving legal advice in
technical fora, particularly legal advice that, in the US at least, is
obviously wrong.
R's,
John
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html