I'm finally beginning to buy that something akin to DBR may be
necessary, but it's still weird to me that the point is that the
average sysadmin can't be trusted to do ADSP right. But then why,
for example, can he/she be trusted to do DNS or SMTP or even TCP/IP
right without some sort of vouching or reference service asserting
competence?
It's a perfectly reasonable question. To me, the problem with ADSP is
that if we imagine the process of delivering a message to be a running
race, ADSP is a gun pointed at your foot offered to you at the finish
line.
As we all know, admins can and do screw up anything, but with most
mistakes, the damage directly affects them. If you screw up your MX,
your own incoming mail won't work. If you screw up your ADSP, your
mail will work fine, while other people's mail systems will
mysteriously lose mail.
Experience with SPF -all suggests that people who get it wrong will
insist that it's somenoe else's problem to fix, by baroque workarounds
like SRS and recent proposals to intuit that a message with a broken
signature is coming through a legitimate mailing list and that the
list verified the signature. Also, regardless of what the spec says,
few recipients would ever use it as anything more than a mild hint to
a scoring system.
Standards work well when the benefit from implementing them correctly
is shared, and the pain of screwing up is also shared. ADSP offers
trivial benefits to the vast majority of domains that are not phishing
targets and to the recipients of mail from them, and pain that
predominantly falls on the other end from the one that screwed up.
R's,
John
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html