On Jun 24, 2010, at 9:21 AM, Michael Thomas wrote: > Any service that doesn't have an *explicit* guarantee from the mail > domain itself that it signs all mail is worse than incompetent, > it's harmful. A third party can *never* prove the negative that the > domain in question doesn't have sources of unsigned mail that they > don't want discarded. The domain in question without a thourough > audit probably doesn't have a clue itself if it's even vaguely > largeish. > > So why does a domain that performs that painful audit and > remediation need to then tell John's drop list that it's OK to > drop unsigned mail? It doesn't. It can just publish an ADSP > record and be done with it. No need to count on some unreliable, > unaccountable point of failure to mediate their business.
Why do you keep assuming that John's proof-of-concept drop list is the only way a drop list can ever operate? -- J.D. Falk <jdf...@returnpath.net> Return Path Inc _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html