On 9/29/09 12:10 PM, Dave CROCKER wrote:
wow. more than 16 hours and no one has posted anything.
There are no good solutions. This feature was intended to cause messages with their signatures damaged or missing to not end up in someone's mailbox. Any domain making an ADSP discard assertion should expect the domain will become usable on mailing lists. Such domains should be limited to handling transactional emails.
Unfortunately, this view might lead to more phishing exploits whenever alternative domains are then used by the same organization. When there is nothing good to be said, perhaps the better choice is to say nothing. Perhaps there should be a standardization for transactional sub-domains and stringent requirements where ADSP transactions then become superfluous. Where subdomains like secure, or signed.somedomain.com versus somedomain.com might be used as a way to establish a visual convention.
-Doug