On 06/24/2010 07:49 AM, John Levine wrote: Are you making the assumption that all third party lists would be equally > credible? That's no more likely than all DNSBLs being equally credible. > > In both cases, the good ones will make sure their data is correct, > maybe by backchannels to the underying providers (see the Spamhaus PBL > for an example of that) or by some kind of feedback watching the mail > they make assertions about. The bad ones won't do that, and won't be > useful. (See any number of useless poorly run DNSBLs for an example > of that.)
Any service that doesn't have an *explicit* guarantee from the mail domain itself that it signs all mail is worse than incompetent, it's harmful. A third party can *never* prove the negative that the domain in question doesn't have sources of unsigned mail that they don't want discarded. The domain in question without a thourough audit probably doesn't have a clue itself if it's even vaguely largeish. So why does a domain that performs that painful audit and remediation need to then tell John's drop list that it's OK to drop unsigned mail? It doesn't. It can just publish an ADSP record and be done with it. No need to count on some unreliable, unaccountable point of failure to mediate their business. Mike _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html