[ietf-dkim] New Version Notification for draft-levine-dbr-00(fwd)

[John Levine]

> If an organization doesn't understand the implications of publishing
> ADSP (or doing anything else for that matter) then the basic damage
> done is to themselves and their users. Their domain, their problem.

I think that if you talk to ISPs whose customers call and ask why they
didn't get the mail they were expecting, you will find that this
assertion is mistaken.

In practice, I expect that where a competent DbR and ADSP differ, the
DbR would say to ignore the ADSP, they say it's discardable but
they're wrong, not the other way around.  Amazon is a fairly unusual
case, signing everything (as far as I can tell) but not making any
public assertions about it.

>When random 3rd parties start publishing about domains that is a real
>problem. If a random list publisher tells people to drop unsigned mail
>by a particular domain - particularly in the absence of an ADSP record -
>there is the possibility of them getting sued. This is a significantly
>different case then something like SPAM and RBLs. 

Sigh.  I wish people would refrain from giving legal advice in
technical fora, particularly legal advice that, in the US at least, is
obviously wrong.

R's,
John