[ietf-dkim] Proposal change to 3.6.1 t=y Description

Hector Santos hsantos at santronics.com
Wed Apr 5 00:17:46 PDT 2006


We've been tracking the verification of DKIM/DOMAINKEY mail coming into our
system and as expected, I am seeing the testing tag, t=y, being used by
spammers.

I propose the addition of the following information note (edit as required,
I am just highlighting the issue).

3.6.1  Textual Representation

   ...

   t=  Flags, represented as a colon-separated list of names
       (plain-text; OPTIONAL, default is no flags set).  The
       defined flags are:

       y   This domain is testing DKIM.  Verifiers MUST NOT treat
           messages from signers in testing mode differently from
           unsigned email, even should the signature fail to verify.
           Verifiers MAY wish to track testing mode results to assist
           the signer.


       INFORMATIVE IMPLEMENTATION NOTE:  The testing flag has the
       high potential of becoming a loophole for attacks with
       a high degree of failure.  Verifiers should consider a
       tracking mechanism to limit the long term continued
       usage of the t=y flag to bypass any verification scoring
       and filtering employed by local policy.

--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com
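
One way a verifier could implement the tracking mechanism the proposed note asks for, as an added example that is not part of the original message. The 30-day window, the failure budget, the sample records and all names are assumptions.

```python
from datetime import datetime, timedelta

GRACE = timedelta(days=30)  # assumed local-policy window, not from the draft
MAX_FAILS = 20              # assumed failure budget while a domain is in testing

# Constructed sample key records (the p= values are placeholders).
SAMPLE_TESTING = "v=DKIM1; t=y; p=PLACEHOLDER"
SAMPLE_NORMAL = "v=DKIM1; p=PLACEHOLDER"


def parse_key_flags(record):
    """Return the t= flags of a key record as a set (colon-separated list)."""
    for part in record.split(";"):
        name, sep, value = part.partition("=")
        if sep and name.strip() == "t":
            return {f.strip() for f in value.split(":") if f.strip()}
    return set()  # t= is OPTIONAL; the default is no flags set


class FlagTracker:
    """Remembers how long, and how unsuccessfully, each domain has used t=y."""

    def __init__(self):
        self._seen = {}  # domain -> [first time t=y was seen, failed verifications]

    def observe(self, domain, record, verified, when):
        """Record one verification result and classify the domain's use of t=y."""
        domain = domain.lower()
        if "y" not in parse_key_flags(record):
            self._seen.pop(domain, None)  # domain has left testing mode
            return "normal"
        entry = self._seen.setdefault(domain, [when, 0])
        if not verified:
            entry[1] += 1
        if when - entry[0] > GRACE or entry[1] > MAX_FAILS:
            return "testing-overused"  # hand the decision to local policy
        return "testing"


if __name__ == "__main__":
    tracker = FlagTracker()
    start = datetime(2006, 4, 5)
    for day in (0, 10, 31):
        print(day, tracker.observe("example.com", SAMPLE_TESTING, False,
                                   start + timedelta(days=day)))
```

A domain that drops and later re-adds t=y starts a fresh window in this sketch; a stricter local policy could keep the earlier history instead.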





