[ietf-dkim] why we should clearly specify domain existence
dotis at mail-abuse.org
Tue May 27 16:41:41 PDT 2008
On May 27, 2008, at 8:09 AM, Frank Ellermann wrote:
> While we're busy renaming ADSP results, could anybody here explain
> the idea of "all" vs. "discardable" ? I don't see the difference.
The otis-dkim-adsp draft modified the terms from
"unknown" is a misnomer, since this asserts that not signing Author Domain
messages is permitted. This practice becomes known once the ADSP has
been discovered. The term "OPEN" more correctly indicates that any
outbound SMTP server is "open" to users of the Author Domain.
The term "all" incorrectly implies the nature of the assertion.
Clearly, ensuring that all messages are signed is beyond the control of the
domain making this assertion. Not "all" Author Domain messages can be
assured to have been signed. Rather, "CLOSED" more correctly indicates that
non-signing SMTP services are considered "closed" to users of the
Author Domain. Use of "closed" non-signing outbound SMTP servers will
result in messages being non-compliant with an ADSP "CLOSED" assertion.
Depending upon the intended outcome of "discardable", this term recommends
an action that may not be appropriate, and one that degrades the
integrity of SMTP delivery. This term was replaced with the more
generic term "LOCKED". This assertion stipulates that the Author
Domain wishes to have its messages lacking a valid Author Key Domain
signature dismissed. Dismissal does not imply discard. The Author
Domain desires to have acceptance of Author Domain messages "locked"
in to having valid Author Key Domain signatures.
For normal conversational email, a "CLOSED" Author Domain may often be
found without a valid Author Key Domain signature. For specific
transactional email, a "LOCKED" Author Domain should seldom be found
without a valid Author Key Domain signature. The difference between
"CLOSED" and "LOCKED" will likely be reflected in how messages are
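The following is an added example, not code from the post above or from the otis-dkim-adsp draft. It shows how a receiver could evaluate an ADSP-style practice record using the OPEN / CLOSED / LOCKED terms the post proposes, and how the "dismissal does not imply discard" distinction between CLOSED and LOCKED plays out in the handling decision. Assumptions not present in the post: the record uses the RFC 5617 tag=value syntax ("dkim=unknown|all|discardable") and lives at _adsp._domainkey.<author-domain>; the RFC 5617 values map unknown -> OPEN, all -> CLOSED, discardable -> LOCKED; a non-existent Author Domain (the subject line's "domain existence" case) is rejected outright; and DNS is replaced by a constructed in-memory table so the code runs offline.

```python
"""Added example (not from the ietf-dkim post or the otis-dkim-adsp draft):
evaluate an ADSP-style practice record against a message's signature state,
using the OPEN / CLOSED / LOCKED terms proposed in the post.

Assumptions (not from the original message):
 - records use RFC 5617 tag=value form, e.g. "dkim=all", published at
   _adsp._domainkey.<author-domain>;
 - RFC 5617 "dkim=" values map unknown -> OPEN, all -> CLOSED,
   discardable -> LOCKED;
 - a non-existent Author Domain is rejected; DNS is an in-memory table.
"""
from typing import NamedTuple, Optional

OPEN, CLOSED, LOCKED = "OPEN", "CLOSED", "LOCKED"

# RFC 5617 dkim= tag values and the terms the post proposes for them.
RFC5617_TO_DRAFT = {"unknown": OPEN, "all": CLOSED, "discardable": LOCKED}

# Constructed sample zone (not real DNS): TXT at _adsp._domainkey.<domain>.
# None marks a name that exists but publishes no practice record.
SAMPLE_DNS = {
    "_adsp._domainkey.open.example": "dkim=unknown",
    "_adsp._domainkey.closed.example": "dkim=all",
    "_adsp._domainkey.locked.example": "dkim=discardable",
    "_adsp._domainkey.odd.example": "dkim=strict",   # value RFC 5617 does not define
    "_adsp._domainkey.nopolicy.example": None,       # domain exists, no record
}
EXISTING_DOMAINS = {"open.example", "closed.example", "locked.example",
                    "odd.example", "nopolicy.example"}


class Verdict(NamedTuple):
    practice: str    # OPEN / CLOSED / LOCKED / NONE / NXDOMAIN
    compliant: bool  # does the message satisfy the Author Domain's practice?
    handling: str    # accept / accept_and_flag / reject


def parse_adsp_record(txt: str) -> Optional[str]:
    """Parse a 'tag=value; tag=value' record and return the dkim= value, or None."""
    tags = {}
    for part in txt.split(";"):
        if "=" not in part:
            continue
        name, _, value = part.partition("=")
        tags[name.strip().lower()] = value.strip()
    return tags.get("dkim")


def practice_for(author_domain: str) -> str:
    """Discover the Author Domain's practice, expressed in the draft's terms.

    NXDOMAIN: the Author Domain itself does not exist (the check the post's
    subject line wants specified clearly).  NONE: the domain exists but
    publishes no practice record.  Otherwise OPEN / CLOSED / LOCKED.
    """
    domain = author_domain.lower()
    if domain not in EXISTING_DOMAINS:
        return "NXDOMAIN"
    txt = SAMPLE_DNS.get(f"_adsp._domainkey.{domain}")
    if txt is None:
        return "NONE"
    value = parse_adsp_record(txt)
    # RFC 5617 treats any dkim= value other than the three defined ones as
    # "unknown"; this example also treats a missing dkim= tag that way.
    return RFC5617_TO_DRAFT.get(value, OPEN)


def evaluate(author_domain: str, has_valid_author_signature: bool) -> Verdict:
    """Combine the discovered practice with the message's signature state."""
    practice = practice_for(author_domain)
    if practice == "NXDOMAIN":
        # A domain that does not exist cannot have published a key or a
        # practice, so no Author Domain signature can be valid (assumption).
        return Verdict(practice, False, "reject")
    if has_valid_author_signature or practice in (OPEN, "NONE"):
        # A valid Author Key Domain signature satisfies every practice;
        # OPEN (or no record) permits unsigned Author Domain messages.
        return Verdict(practice, True, "accept")
    if practice == CLOSED:
        # Non-compliant, but the post expects conversational mail to often
        # arrive without a valid signature, so flag rather than refuse.
        return Verdict(practice, False, "accept_and_flag")
    # LOCKED: dismiss the non-compliant message.  Dismissal is not discard:
    # refuse at SMTP time (5xx) so the sender learns, never drop silently.
    return Verdict(practice, False, "reject")


if __name__ == "__main__":
    for domain in ("open.example", "closed.example", "locked.example",
                   "nopolicy.example", "nonexistent.example"):
        for signed in (True, False):
            print(domain, "signed" if signed else "unsigned", evaluate(domain, signed))
```

The CLOSED and LOCKED branches differ only in handling, not in compliance: both mark an unsigned Author Domain message as non-compliant, but only LOCKED refuses it, and it refuses with an SMTP rejection rather than a silent discard, which is the post's point about "dismissal".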