Re: [ietf-dkim] draft-ietf-dkim-mailinglists-02 review

> > If they say their mail is discardable, take them at their word and 
> > discard it.
> I disagree.
>
> The ADSP=discardable deployer is not conveying apathy regarding the 
> deliverability of their mail, quite the opposite IMO.  They are saying 
> (to paraphrase) "please attempt to verify the DKIM signature on this message 
> against the key record in our DNS for this domain/subdomain, and if you 
> cannot verify the signature then please discard the message as a means 
> of protecting your subscriber from phishing attacks, otherwise please 
> deliver the message and do so knowing we put this much effort into 
> ensuring the goodness of the mail before we sent it".
This is a really good example of why ADSP will never be useful.  I believe 
that's what you mean when you set adsp=discardable, and what Paypal means, 
but it's not what I meant when I wrote the section about discardable and I 
don't think it's a fair reading of the RFC.  People want to read way more 
into it than is actually there.
Early drafts of what turned into ADSP used the word "strict" which I 
changed to "discardable" to make it clear that if you set this flag, 
you're saying the mail is unusually unimportant, to the extent that if
there's any doubt about its legitimacy, just throw it away.

smime.p7s
Description: S/MIME Cryptographic Signature

_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html