Hector Santos wrote:
The problem? Its no fun adding software with a WG standard that
won't be followed at the suggestion of its authors.
But that I mean any developers that wish to support the the WG
Documents are put into a catch-22 position regarding DKIM and ADSP
implementation. It applies to operators as well.
Using myself as an example:
I wish to help further protect my brand and corporate domains with
DKIM and ADSP so that only we can sign it and no one else. I have
unsubscribed from various list and switched to a non-DKIM protected
domain, like here.
I can't DKIM sign my mail because I believe raw DKIM-CORE signing will
water down my domain reputation and brand by feeding ammunition to
spoofers that its ok to sign it with unknown 3rd party signers. I
want no non-standard DKIM-STATS based verifier to learn that this
association is valid.
But I can't add a ADSP record without adding DKIM signatures since
that might cause false positive rejections/discard.
Its a catch-22 implementation issue and the "wait and see" attitude is
only going to show want is already predictable - low support for ADSP.
If one can no longer wait or wants to add DKIM they had to accept the
idea that ANYONE can sign on their behalf without any controls.
--
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html