>* DKIM is a really well developed standard for signing email Right, but emphasize that the granularity is a signing domain -- it is not and cannot be a way to attribute mail to individual people.
>* Combined with ADSP=discardable it can filter email at ISP gateways without >too much fear of unduely lost email >* BUT otherwise its useless in its current state. I wouldn't say that. It's quite useful as is to recognize signed mail from people you know. Paypal is the obvious example, their legit volume is high enough to most places that it's worth whitelisting their signed mail, which then lets you crank up the phish filters to catch the unsigned fakes. Be sure to tell them that ADSP is not useful, according to one of the authors of the ADSP RFC. Rather than fooling around with with the near zero S/N ratio of ADSP, whitelist people you know, perhaps put in a few special cases to drop unsigned mail from phish targets like Paypal and Amazon who sign all their mail. (Amazon still signs with DK, but most filters can deal with that.) If you're an ISP, signing your own mail is of limited value unless you exchange a lot of mail with Yahoo and Google, which you probably do. In that case it helps them to recognize your mail stream, and in Yahoo's case send back FBL reports when people hit the spam button. R's, John _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
