[ietf-dkim] Sensitivity surrounding the "handling" tag
hsantos at santronics.com
Tue Oct 30 14:46:28 PST 2007
Arvel Hathcock wrote:
> Hi all!
> I can easily see how the new "handling" tag might be perceived as
> backward progress on what's been an important theme for a while: the
> notion that SSP should not dictate receiver action. Personally, I think
> we've become a bit too sensitive on that front. Regardless, some text
> at the start of the handling= section might serve to shorten the
> microphone line at the next IETF - yeah right :P
> How about this:
> handling= Non-compliant message handling request (plain-text; OPTIONAL).
> NON-NORMATIVE EXPLANATION: Sender Signing Practices is not
> attempting to control or determine what recipients do with the email
> messages they receive. However, Sender Signing Practices is attempting
> to provide receivers with information from domain owners about what
> their wishes are with respect to messages purportedly sent by them. With
> this information in hand it is believed that receivers will be better
> equipped to make the decisions that seem best to them while at the same
> time allowing senders to offer input into that decision making process.
> The "handling" tag is designed to offer input from senders and is not
> intended to rigidly control receiver behavior.
My view about this is about worth, the pay off. I have yet to see any
practical incentive or legitimate reason to A) sign mail, and B) even
bother with the overhead to check for incoming DKIM messages.

SSP is or should be about domain 'intent', not wishes. It describes the
mail attributes and policy of the domain, and if the DOMAIN indicates as
night and day, his mail colors are blue, but the receiver is seeing
green, then something is not kosher. The receiver does not want to DO
anything that is going to harm legitimate DKIM domains. It can't do
anything about NON-DKIM domains. But it can do something about the
ABUSE by illegitimate DKIM domain usage.

What is done is called the PAY OFF and I am fairly confident HV domains
who will even bother with this stuff are going to want something done
with the abuse of their domain mail. If they don't want anything done,
then there is no point. If the domain doesn't care, why should the
receiver care to bother checking for DKIM legitimacy?

No payoff, no worth to the domain and no worth to the receiver.

Hector Santos, CTO