On 5/26/10 2:04 PM, Scott Kitterman wrote: > I don't know of a way to do that which doesn't require a trust relationship > with the mail list provider. If you have such a relationship then it's > relatively trivial to just not bother with ADSP checks for mail from such > lists. > Agreed. Author Domains use "all" or "discardable" to help recipients deal any number of bogus messages. Since Author Domains may have an interest in retaining trust, domains should also be able to indicate their relationships with third-party services unable to furnish Author-Domain signatures. Perhaps ADSP "all+tpa" might better signal such an extension of trust. Clearly, mailing lists represent reasonable examples of where sharing DKIM keys represents an impractical solution. > I'm left not knowing what advantage there would be from a more complex > standardized approach. > A conservative domain would retain trust by limiting their authorizations to vetted third-parties. A DKIM specific authorization scheme would give senders a clear voice in how their messages lacking an Author-Domain signature are expected to be handled. With this information, recipients would not need to guess or to consult gurus in how a specific service's messages should be handled. This burden would be placed upon the trusted sender. DKIM specific authorization would be an infrequently used mechanism managed fully by those having the greatest interest in mitigating abuse that might otherwise obscure their messages.
-Doug _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html