That’s true. More importantly, perhaps, the smarter receivers I’ve talked with are much more concerned about what their users think than what the senders think. Checking ADSP is outsourcing the power for mail filtering to an unaccountable sender, yet leaves the responsibility and complaints and unhappy recipients with the ISP.

How so? Senders supposedly only add ADSP records if they’re sending email that the sender considers “important” to the recipient, yet receivers checking ADSP are pretty much guaranteed to get systemic false positives with some recipients, leading to all ADSP tagged mail to those recipients being discarded. What reasonable receiver would deploy a mail filtering approach that’s known to provide little benefit, but which is sure to upset their users by throwing away legitimate, wanted email.

… rather an attempt to dissuade people from believing they should accept timelines and answers from their vendors without good hard proof …

Yup.

Though if you have a good working relationship with your vendor – such that you can get answers from their engineers rather than their sales glossies – it can be useful to find out _why_ they implemented something the way they did. That can be enlightening both to you and to your vendor (I’ve seen several MTA vendors significantly improve their DKIM support after those conversations with their users).

depending on how broken you consider ADSP

I believe that’s why many receivers don’t want to even look at ADSP: too many potential complaints from senders if they get it wrong.

That said, this wasn’t a post about the correct implementation of ADSP, or the best use of it, rather an attempt to dissuade people from believing that they should accept timelines and answers from their vendors without good hard proof as to why they’ve taken a particular path.

Thanks for the comment — I’m a fan of wttw!

If there is an ADSP record published, and the DKIM check fails you should never bounce the mail – you should either deliver it to the end user or silently discard it, depending on how broken you consider ADSP.

(Yes, this isn’t something that any sane sender will consider useful, but it is what ADSP states you should do, so if you want to implement ADSP checking, that’s what you should do).

If there’s no ADSP record, then there’s no issue – a DKIM failure means nothing negative, just treat the message as unsigned and filter or deliver as normal.

That said, he also mentioned that he had a spare front brake with longer reach arms that he could give me