FYI, the IETF is officially giving up on ADSP.
DKIM remains, as a mechanism for binding a domain to a verifiable
identity, and other frameworks which build upon it, but ADSP itself is
out.
There's possibly some value to ADSP for transactional generated mails
but nobody has ever solved the mailing-list problem for mails from
humans: real-world deployments of mailing-list managers have failed to
update to verify/strip/resign mails (and that still wouldn't help
deployments which verify against RFC5322.From values).
-Phil
The IESG has approved changing the status of the following document:
- DomainKeys Identified Mail (DKIM) Author Domain Signing Practices
(ADSP)
(rfc5617) to Historic
This protocol action is documented at:
http://datatracker.ietf.org/doc/status-change-adsp-rfc5617-to-historic/
A URL of the affected document is:
http://datatracker.ietf.org/doc/rfc5617/
Status Change Details:
ADSP has garnered almost no deployment and use in the 4 years since its
advancement to IETF Proposed Standard. While there are implementations
in code, there is very little deployment and no evidence of the benefits
that were expected when the standard was written.
There is, however, evidence of harm caused by incorrect configuration and
by inappropriate use. There have, for example, been real cases where a
high-value domain published an ADSP record of "discardable", but allowed
users on their domain to subscribe to mailing lists. When posts from
those users were sent to other domains that checked ADSP, those
subscriber domains rejected the messages, resulting in forced
unsubscribes from mailman (due to bounces) for the unsuspecting
subscribers.
Assurances that are provided by ADSP are generally obtained out of band
in the real Internet, and not through ADSP. Current deployment of ADSP
is not recommended.
Personnel
Barry Leiba is the responsible Area Director.