Re: Use of ADSP

From: Alessandro Vesely <vesely_at_tana.it>
Date: Thu, 19 Sep 2013 19:52:49 +0200

On Sat 14/Sep/2013 19:30:01 +0200 Murray S. Kucherawy wrote:
>
> There's been a proposal put forth in the standards community to move
> ADSP (RFC5617) to Historic status from Proposed Standard. The main
> reasons are (a) its lack of substantial uptake, and (b) the fact that
> it can be actively damaging, such as in the case of use when mailing
> lists are involved.
>
> Since those are the premises of the move, I wonder if anyone has
> anecdotes to share that illustrate useful benefit from using it. So
> here are the relevant questions to OpenDKIM:
>
> 1a) If you use OpenDKIM as a filter, do you have it enabled (the
> default) and set to reject (not the default)?

I use a similar filter, with similar defaults. I have checking
enabled, rejecting disabled.

> 1b) If you use OpenDKIM as a filter with ADSP enabled and do not
> reject, it adds an Authentication-Results header field indicating the
> failure. Do you do anything with that?

I store the authentication methods that domains ever authenticated
with. The top of my list currently is:

+------+---------------------------------+
| cnt  | auth                            |
+------+---------------------------------+
| 3728 | dnswl                           |
| 3103 | spf                             |
| 1558 | spf,dkim,dnswl                  |
| 1249 | spf_helo                        |
|  844 | author                          |
|  827 | author,spf,dkim                 |
|  673 | author,spf,dkim,dnswl           |
|  609 | dkim                            |
|  565 | dkim,rep_s,dnswl                |
|  538 | author,dkim                     |
|  436 | spf,dkim                        |


In the above, "author" stands for a possibly invalid author domain
signature, while "dkim" means there was a valid signature ("rep*" are
the reputation lookups.) Based on that, I'd say that configuring ADSP
for outgoing mail enjoys some popularity among DKIM signers.

> 2a) Do you use libopendkim directly? Specifically, do you call
> dkim_policy() and related functions to do ADSP checking?

Yes, and yes.

> 2b) Do you act on the result, or merely attach it to the message so
> something downstream can handle it?

Users can configure the filter in order to honor ADSP. I think I'll
limit the possibility to do so when ADSP becomes historic. However,
I'd suggest leaving the library implementation in place, at least for
a few decades...

Ale
Received on Thu Sep 19 2013 - 17:53:01 PST
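
For question 1b, a downstream consumer of the Authentication-Results field could look like the following. This is an added example, not code from this message or from OpenDKIM. It assumes the local filter writes the authserv-id mx.example.org and that the border MTA strips incoming fields bearing that id; the sample messages are constructed.

```python
import re
from collections import Counter
from email import message_from_string
from email.policy import default

TRUSTED_ID = "mx.example.org"  # assumption: authserv-id written by our own filter

# Constructed sample messages (headers only), not real traffic.
SAMPLES = [
    "Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=a.example;\n"
    " dkim=pass header.d=a.example; dkim-adsp=pass\n\n",
    # Relayed through a mailing list: author signature broken, ADSP says discard.
    "Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=list.example;\n"
    " dkim=fail (body hash mismatch) header.d=b.example;\n"
    " dkim-adsp=discard header.from=user@b.example\n\n",
    # Second field carries a foreign authserv-id and must be ignored.
    "Authentication-Results: mx.example.org; spf=none smtp.mailfrom=c.example\n"
    "Authentication-Results: other.example; dkim=pass header.d=c.example;\n"
    " dkim-adsp=pass\n\n",
]

def parse_authres(value):
    """Return (authserv_id, {method: result}) for one field value."""
    value = re.sub(r"\([^()]*\)", " ", value)       # drop non-nested comments
    parts = [p.strip() for p in value.split(";")]
    authserv_id = parts[0].split()[0].lower() if parts[0] else ""
    results = {}
    for part in parts[1:]:
        m = re.match(r"([a-z0-9-]+)\s*=\s*([a-z]+)", part, re.I)
        if m:                                       # keep first result per method
            results.setdefault(m.group(1).lower(), m.group(2).lower())
    return authserv_id, results

def trusted_results(raw_message):
    """Merge results only from fields our own filter added."""
    msg = message_from_string(raw_message, policy=default)
    merged = {}
    for value in msg.get_all("Authentication-Results", []):
        authserv_id, results = parse_authres(str(value))
        if authserv_id == TRUSTED_ID:               # anything else is untrusted input
            for method, result in results.items():
                merged.setdefault(method, result)
    return merged

def tally(messages):
    """Count passing method combinations and, separately, dkim-adsp results."""
    combos, adsp = Counter(), Counter()
    for raw in messages:
        res = trusted_results(raw)
        passed = sorted(m for m, r in res.items() if r == "pass" and m != "dkim-adsp")
        if passed:
            combos[",".join(passed)] += 1
        if "dkim-adsp" in res:
            adsp[res["dkim-adsp"]] += 1
    return combos, adsp
```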
