wow. more than 16 hours and no one has posted anything.
Daniel Black wrote:
- The author's email infrastructure DKIM signs the email message and publishes an ADSP dkim record saying 'I sign all messages for this domain'
- The message is received by the email list
I'm going to respond without getting into any of the ADSP emotional debate. ADSP is what it is. DKIM is what it is. You are asking a legitimate question about a potential scenario that seems likely to occur.
If someone registers an ADSP record that says that any failed or absent signatures should cause the message to be dropped, they are responsible for making the assertion and for its consequences.
The presumption behind this bit of mechanism is that the ADSP registrant knows enough, and can control enough, to produce the desired outcome.
The scenario you are exploring demonstrates a case in which they were wrong.
I think it a mistake to ask intermediaries to fix the effects of their own legitimate actions, really caused by inappropriate policy choices of an organization earlier in the handling sequence.
The core problem, here, is that the signing organization asserted a generality that was incorrect. It's not your job to hack your system or the messages you process to try to fix their mistaken generality.
d/
ps. There are cases of SPF -a being set incorrectly, and it didn't even take a mailing list to create undelivered mail. The solution is to change the -a setting, rather than try to hack around it.
--
Dave Crocker Brandenburg InternetWorking bbiw.net