> -----Original Message----- > From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim-boun...@mipassoc.org] > On Behalf Of Hector Santos > Sent: Tuesday, May 03, 2011 6:29 AM > To: ietf-dkim@mipassoc.org > Subject: [ietf-dkim] Question: ADSP DKIM=UNKNOWN and A-R reporting > > RFC5617 has for this tag value: > > dkim= Outbound Signing Practices for the domain (plain-text; > REQUIRED). Possible values are as follows: > > unknown The domain might sign some or all email. > > For my A-R reporting if there an explicit DKIM=UNKNOWN record, I took > this declaration to mean the domain only allows it to sign sometimes > and no one else.
That's not what RFC5617 says. > For example, this is such a reporting for a list message posted here > by Alessandro with its tana.it domain. > > Authentication-Results: dkim.winserver.com; > dkim=pass header.i=mipassoc.org header.d=mipassoc.org header.s=k00001; > adsp=fail policy=unknown author.d=tana.it signer.d=mipassoc.org > (unauthorized signer); > > The "(unauthorized signer)" was added because it was an explicit > DKIM=UKKNOWN DNS record declaration. Reporting a "fail" against "dkim=unknown" is technically impossible. You should use "unknown". See Section 5.4. Also, it should be "dkim-adsp", not "adsp". See Section 5.3. > If there was no ADSP record, the adsp= info would look like this: > > adsp=none author.d=tana.it signer.d=mipassoc.org; "none" doesn't appear in the registry. _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html