[ietf-dkim] protecting domains that don't exist
J D Falk
jdfalk at returnpath.net
Mon Apr 14 09:40:12 PDT 2008
Wietse wrote:
> John Levine:
>>> As someone pointed out, you can interchange steps 1 and 2 in the
>>> specification, putting the existence check first. And then, of
>>> course, you can decide that the existence check is done outside ADSP.
>>> If the existence check is removed, I would advocate putting in
>>> language that says an existence check SHOULD be
>>> performed before doing ADSP.
>> That seems reasonable. My objection (and I think also Dave's) is not
>> that it's a bad idea, but that it's not part of DKIM or ADSP.
>
> +1
+1
> It's unfortunate that DNS won't let us specify ADSP policies that
> cover only non-existent originator domain names, but wishing for such
> an ability does not mean that we suddenly can.
>
> The NXDOMAIN result for the originator domain cannot(*) correspond
> with an ADSP policy (one of "unknown" / "all" / "discardable"), and
> therefore it cannot be part of ADSP.
Would it be an acceptable compromise to add the above (or similar) to
the draft?
> (*) Otherwise we could declare 99.9999% ADSP deployment today.
Hmm, maybe we should do that instead....