-----Original Message-----
From: ietf-dkim-bounces(_at_)mipassoc(_dot_)org
[mailto:ietf-dkim-bounces(_at_)mipassoc(_dot_)org] On Behalf Of Hector Santos
Sent: Tuesday, May 03, 2011 6:29 AM
To: ietf-dkim(_at_)mipassoc(_dot_)org
Subject: [ietf-dkim] Question: ADSP DKIM=UNKNOWN and A-R reporting
RFC5617 has for this tag value:
dkim= Outbound Signing Practices for the domain (plain-text;
REQUIRED). Possible values are as follows:
unknown The domain might sign some or all email.
For my A-R reporting if there an explicit DKIM=UNKNOWN record, I took
this declaration to mean the domain only allows it to sign sometimes
and no one else.
That's not what RFC5617 says.
For example, this is such a reporting for a list message posted here
by Alessandro with its tana.it domain.
Authentication-Results: dkim.winserver.com;
dkim=pass header.i=mipassoc.org header.d=mipassoc.org header.s=k00001;
adsp=fail policy=unknown author.d=tana.it signer.d=mipassoc.org
(unauthorized signer);
The "(unauthorized signer)" was added because it was an explicit
DKIM=UKKNOWN DNS record declaration.
Reporting a "fail" against "dkim=unknown" is technically impossible. You
should use "unknown". See Section 5.4.
Also, it should be "dkim-adsp", not "adsp". See Section 5.3.
If there was no ADSP record, the adsp= info would look like this:
adsp=none author.d=tana.it signer.d=mipassoc.org;
"none" doesn't appear in the registry.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html