[ietf-dkim] Fwd: Re: domain existence check

Douglas Otis dotis at mail-abuse.org
Tue May 27 10:29:38 PDT 2008


On May 27, 2008, at 6:01 AM, <Bill.Oxley at cox.com> wrote:

> I am imperfectly signing messages with DKIM that I am sending via my
> home machine on a DHCP address purported to be from
> bill.oxley.home.com, a vanity nonexistent domain. According to DKIM
> that message is to be treated as unsigned, why do you wish to drop it?

ADSP changes what is accepted over SMTP when implemented by receiving
hosts.  Receiving hosts are free to verify that SMTP support records
exist when the receiving host wishes to limit message-addresses to those
that might be supported by SMTP.  This will not require most sending
domains to make any change.  Perhaps there will be a few cases where a
"converted" NNTP (RFC3977) message has been issued by a domain that
does not support SMTP, or in your case from a made-up domain.  The
otis-dkim-adsp draft does suggest that a message signed by a
non-Author-Key-Domain can still be used as a basis for acceptance.
Stringent tests are unlikely to be imposed by larger providers, at
least until abuse complaints exceed those of not receiving non-SMTP
messages over SMTP.  This change will require time.

Expecting the rest of the world to publish records declaring SMTP as  
not supported at every domain is unfair and also does not scale.  The  
ADSP discovery algorithm must be based upon positive assertions of  
support for SMTP.

-Doug
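
The receiving-host check described in the message above, sketched as an added example that is not part of the original post or of the otis-dkim-adsp draft. It assumes "SMTP support records" means MX, or A/AAAA as the implicit-MX fallback of RFC 5321; the `lookup` resolver and the zone data are constructed so the code runs offline.

```python
from email.utils import parseaddr

# Constructed zone data standing in for DNS (not real records).
ZONE = {
    "example.com": {"MX": ["10 mx1.example.com."]},
    "implicit.example": {"A": ["192.0.2.10"]},
    "txtonly.example": {"TXT": ["v=spf1 -all"]},
}

class NXDomain(Exception):
    """Name does not exist in the constructed DNS data."""

def lookup(name, rtype, zone=ZONE):
    """Hypothetical resolver: records of rtype, or NXDomain if the name is absent."""
    name = name.rstrip(".").lower()
    if name not in zone:
        raise NXDomain(name)
    return zone[name].get(rtype, [])

def author_domain(from_header):
    """Return the domain of the From address, or None if it is malformed."""
    _, addr = parseaddr(from_header)
    local, sep, domain = addr.rpartition("@")
    return domain.lower() if sep and local and domain else None

def smtp_support(domain, resolve=lookup):
    """Classify a domain by positive evidence of SMTP support only.

    Assumption: MX, or A/AAAA as implicit MX, counts as support.
    No "SMTP not supported" record is consulted; a domain that
    publishes nothing relevant simply fails to show support.
    """
    try:
        if resolve(domain, "MX"):
            return "mx"
        if resolve(domain, "A") or resolve(domain, "AAAA"):
            return "implicit-mx"
        return "no-smtp-records"
    except NXDomain:
        return "nxdomain"

def check_message(from_header, resolve=lookup):
    """Return (author domain, verdict) for a From header value."""
    domain = author_domain(from_header)
    if domain is None:
        return (None, "malformed-from")
    return (domain, smtp_support(domain, resolve))
```

What a receiver does with a `nxdomain` or `no-smtp-records` verdict (reject, or fall back to other signals such as a valid signature) is local policy and is left out here.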







