[ietf-dkim] New Version Notification for draft-levine-dbr-00 (fwd)
dotis at mail-abuse.org
Mon Jul 26 12:13:10 PDT 2010
On 7/26/10 6:24 PM, J.D. Falk wrote:
> I think it's because, when you implement most protocols, if your end is broken then you can't even talk to the other end. With ADSP, if your end is broken then you can still talk SMTP and even sign with DKIM, but the other end may silently discard your message. There's no feedback.
It's not lack of feedback causing unsubscribes on mailing lists. Don't
blame sysadmins for these problems. ADSP, as currently defined, is
unable to accommodate informal third-party services when attempting to
offer protection from phishing. Rather than adhering to the "practice"
aspect of ADSP assertions, ADSP's "discardable" changed this into advice
on message handling, analogous to the "-all" of SPF. Avoiding use of
subdomains avoids confusing recipients' recognition of the trusted
domain, where use of unprotected subdomains just shifts the phishing
problem. There is no getting this right.
A vouching service is unlikely to offer a fix either. How would a
vouching service know better than the Author Domain? I would not want
to be on the hook when getting this wrong. It would be better to allow
senders the latitude for getting this right, and making their own
explicit determinations. We have the technology. :^)