ADSP is an optional extension to DKIM and permits a domain to publish the signing practices it adopts and specify the intended action the domain owner would like followed in the case of a message failing the signature check. Three options are available:
- unknown, which indicates the domain does not sign all Email
- all, which indicates all mail from the domain should be signed
- discardable, which indicates all mail from the domain should be signed and if a signature is missing or invalid, the domain owner wants the receiving server to delete or reject the message
ADSP was adopted as RFC 5617 in August 2009 and while ADSP never achieved widespread adoption, it was put into production by a number of senders and receivers. The standard was demoted to historic status in November 2013 having been effectively replaced by DMARC, although it is still in use and in terms of a comprehensive counter-fraudulent Email strategy, there is no harm in also declaring a ADSP policy, particularly for ‘parked domains’.
An example ADSP record is:
This example would be used for a domain that signs all Email, or maybe more likely, on a ‘parked domain’, where the domain owner wants to take every opportunity to have fraudulent Email deleted/rejected by a recipient.