[Asrg] where the message originated (was: DKIM role?) (SM)
Ian Eiloart
iane at sussex.ac.uk
Mon Jan 19 06:32:42 PST 2009
--On 19 January 2009 09:07:16 -0500 Dotzero <dotzero at gmail.com> wrote:
>
> Ian,
>
> While I appreciate your ardent fervor in support of SPF and DKIM, it
> would appear that your practical experience is somewhat limited. For
> the domains I'm responsible for I've sent 700 million+ DKIM signed
> messages and in excess of 1 billion messages since changing the SPF
> records for these domains to end with -all.
>
> While I am supportive of both these approaches, I recognize that there
> are specific ways that breakage occurs for otherwise legitimate mail.
> There has been plenty of discussion on these issues on other lists
> such as spf-discuss and ietf-dkim.
Yes, I'm aware of the discussions. However, I'm also aware that email is
already very broken in many ways. We seem to be stuck in a place where we
can't move for fear of breaking something, even if the place we want to go
would be so much better than where we are.
> Your analysis of whether and how domains should implement these
> approaches is somewhat simplistic and as you point out above, you
> don't even eat the dog food that you advocate others should.
Yes, I think I said that I'm engaged in discussing an idea, rather than
advocating it. Probably I've actually said both things.
> An exercise you might engage in.... what types of breakage occur when a
> domain publishes -all at the end of their SPF record (Assuming that
> receivers respect the published record and act accordingly)?
That, I'm certainly not yet advocating. I'm suggesting that publication of
records, even with "~all", is a huge step forward. It'll improve
deliverability of properly submitted emails in domains that are able to
maintain good reputation. That'll encourage deployment of proper MSA
servers. It'll encourage deployment of MSA and DKIM compatible forwarding
services, because they'll be more successful. Eventually, we'll end up in a
place where more and more admins are happy to publish, and respect "-all"
records.
Heck, I might even suggest that the UK (just cos that's where I am) should
legislate that financial services organisations (those regulated by the
Financial Services Authority) MUST publish SPF records and sign their
outgoing email.
> What sorts of breakage occur for messages from a domain assuming they
> were able to communicate that they sign all messages for a particular
> domain?
>
> Just a few thoughts.
--
Ian Eiloart
IT Services, University of Sussex
x3148