> My problem with this position is that it seems to argue for > proprietary one-off solutions vs. Internet standards for email > authentication policy assertions.
That's certainly a reasonable concern. I expect that if it turns out there are more discardable domains than Paypal, people would use shared drop lists, just like they use shared blacklists and whitelists of IP addresses and domains now. Last year Paul Hoffman, Arvel Hathcock and I published RFC 5518 on Vouch by Reference, which we intended as a way to publish whitelists of responsible domains, originally DKIM signing domains but also usable for domains that pass SPF -all. It would only take a small tweak to VbR to use it to publish shared drop lists. VbR is deliberately really simple; it's a single DNS lookup, prepend the name you're looking up to _vouch and the VbR service's name. The result is a txt record saying what kind of mail it's vouching for, with the list currently being all, list, or transaction. We could add "discardable" as a VbR field, and do lookups like this, for a list called drop.services.net. $ dig info.paypal.ca._vouch.drop.services.net txt ; <<>> DiG 9.6.1-P1 <<>> info.paypal.ca._vouch.drop.services.net txt ;; QUESTION SECTION: ;info.paypal.ca._vouch.drop.services.net. IN TXT ;; ANSWER SECTION: info.paypal.ca._vouch.drop.services.net. 7200 IN TXT "transaction discardable" (This really works, by the way. Try it!) There'd be some other minor tweaks to VbR to bypass an optimization in VbR that puts hints in the mail about where to look, obviously not useful if you're looking up mail that you suspect is a phish. At this point my published drop list contains paypal domains, who publish ADSP, and ebay and amazon who don't publish ADSP, but who send transaction mail all of which is as far as I can tell signed. Looking at the rest of the signatures in my archive, I don't see anyone other reasonable candidates yet. R's, John _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html