[ietf-dkim] Sensitivity surrounding the "handling" tag

Hector Santos hsantos at santronics.com
Tue Oct 30 14:46:28 PST 2007 

Arvel Hathcock wrote:
> Hi all!
> 
> I can easily see how the new "handling" tag might be perceived as 
> backward progress on what's been an important theme for a while: the 
> notion that SSP should not dictate receiver action.  Personally, I think 
> we've become a bit too sensitive on that front.  Regardless, some text 
> at the start of the handling= section might serve to shorten the 
> microphone line at the next IETF - yeah right :P
> 
> How about this:
> 
>    handling= Non-compliant message handling request (plain-text; OPTIONAL).
> 
>      NON-NORMATIVE EXPLANATION:  Sender Signing Practices is not 
> attempting to control or determine what recipients do with the email 
> messages they receive. However, Sender Signing Practices is attempting 
> to provide receivers with information from domain owners about what 
> their wishes are with respect to messages purportedly sent by them. With 
> this information in hand it is believed that receivers will be better 
> equipped to make the decisions that seem best to them while at the same 
> time allowing senders to offer input into that decision making process.  
> The "handling" tag is designed to offer input from senders and is not 
> intended to rigidly control receiver behavior.

My view about this is about worth, the pay off. I have yet to see any 
practical incentive nor legitimate reason to A) sign mail, and b) even 
bother with the overhead to check for incoming DKIM messages.

SSP is or should be about domain 'intent', not wishes. It describes the 
mail attributes and policy of the domain, and if the DOMAIN indicates as 
night and day, his mail colors are blue, but the receiver is seeing 
green, then something is not kolser.  The receiver does not want to DO 
anything that is going to harm legitimate DKIM domains. It can't do 
anything about NON-DKIM domains.  But it can do something about the 
ABUSE by illegitimate DKIM domain usage.

What is done is called the PAY OFF and I am fairly confident HV domains 
who will even bother with this stuff are going to want something domain 
with the abuse of their domain mail.  If they don't want anything done, 
then there is no point.  If the domain doesn't care, why should the 
receiver care to bother checking for DKIM legitimacy?

No payoff, no worth to the domain and no worth to the receiver.

-- 
Sincerely

Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com

More information about the ietf-dkim mailing list