On 07/26/2010 09:24 AM, J.D. Falk wrote:
On Jul 25, 2010, at 11:36 AM, Murray S. Kucherawy wrote:
I've engaged some of you off-list trying to understand why ADSP is
fundamentally different than the private agreements known to exist between
PayPal and some large email service providers. I get the philosophical
arguments, but from a standards body perspective I remain stymied.
I'm finally beginning to buy that something akin to DBR may be necessary,
but it's still weird to me that the point is that the average sysadmin can't
be trusted to do ADSP right. But then why, for example, can he/she be
trusted to do DNS or SMTP or even TCP/IP right without some sort of vouching
or reference service asserting competence?
The whole point of standards is to publish a mechanism for accomplishing
something so that two parties that have never interacted in that specific
way before can do so without some kind of out-of-band prior arrangement. In
that sense these statements about ADSP create some cognitive dissonance that
I haven't been able to resolve yet.
I think it's because, when you implement most protocols, if your end is
broken then you can't even talk to the other end. With ADSP, if your end is
broken then you can still talk SMTP and even sign with DKIM, but the other
end may silently discard your message. There's no feedback.
But that's basically true of the entire mail system these days. It's also why
getting ARF/FBL's widespread would be a generally Good Thing. ADSP doesn't
really change anything one way or the other.
Mike
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html