[ietf-dkim] user level ssp
dotis at mail-abuse.org
Wed Sep 6 14:34:55 PDT 2006
On Sep 6, 2006, at 1:47 PM, J.D. Falk wrote:
> On 2006-09-06 10:45, Hallam-Baker, Phillip wrote:
>> The main value I see in user level policy is easing phased
>> deployment. If you are a bank with 100,000 employees with email
>> and you want to deploy DKIM you probably want some form of hook
>> that lets you do it in stages.
> So they'll have 100,000 SSP records?
> Perhaps there's an easier, more flexible, more scalable hook...like
> "we don't sign all mail."

The application envisioned would be to limit annotations for email-
addresses where an assurance is desired. This avoids needing to have
a local-part pre-entered into the address book when this is used as
an annotation filter. Perhaps these addresses would be accounts@ or
administrator@, and something different later. Just a simple list
could be used when only a few email-addresses warrant special
annotations. There is also an ability to use a hash of the local-
part over a domain lookup method to infinitely expand this list, at
the expense of an added DNS transaction. These records should be
small and short-lived.

Financial institutions would be able to then limit the number of email-
addresses automatically receiving special annotations. Transactional
messages could by convention use specific email-addresses for these
messages. The convention in use would be conveyed by the policy
record. Perhaps Yahoo! could use admin@ or accounts@ addresses to
differentiate staff or transactional messages from those of other
users. The number of these email-addresses will likely be fairly
limited, and can be limited by convention.

If there is a desire to apply a policy to all but a few email-
addresses, then a hash over domain method in conjunction with a
wildcard offers another solution.
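
Added example, not part of the original message or of any DKIM draft: a sketch of the hashed local-part lookup and the wildcard variant described above, run against a dictionary that stands in for DNS. The `_ssp` label, the SHA-256/base32 encoding, the lowercasing of the local-part, the `bank.example` domain and the `annotate=` record values are all assumptions made for illustration.

```python
import base64
import hashlib

POLICY_LABEL = "_ssp"  # assumed label; the message does not name one


def hashed_name(address: str) -> str:
    """Map user@domain to <base32(sha256(local-part))>._ssp.<domain>."""
    # rpartition splits on the last "@", so a quoted local-part may contain "@".
    local, _, domain = address.rpartition("@")
    digest = hashlib.sha256(local.lower().encode("utf-8")).digest()
    # 32 bytes encode to 52 base32 characters, within the 63-octet label limit.
    label = base64.b32encode(digest).decode("ascii").rstrip("=").lower()
    return f"{label}.{POLICY_LABEL}.{domain.lower()}"


def lookup(zone: dict, address: str):
    """Return the policy text for an address, or None if nothing answers.

    `zone` stands in for DNS: an exact owner name wins, otherwise a
    wildcard at the parent answers, as a real wildcard record would.
    """
    name = hashed_name(address)
    if name in zone:
        return zone[name]
    parent = name.split(".", 1)[1]
    return zone.get(f"*.{parent}")


# Constructed zone 1: only a few addresses warrant the annotation.
FEW = {
    hashed_name("accounts@bank.example"): "annotate=yes",
    hashed_name("administrator@bank.example"): "annotate=yes",
}

# Constructed zone 2: the policy applies to all but a few addresses.
ALL_BUT_FEW = {
    "*._ssp.bank.example": "annotate=yes",
    hashed_name("newsletter@bank.example"): "annotate=no",
}

if __name__ == "__main__":
    for zone in (FEW, ALL_BUT_FEW):
        for addr in ("accounts@bank.example", "newsletter@bank.example",
                     "j.smith@bank.example"):
            print(addr, "->", lookup(zone, addr))
```

The verifier needs one query per address in either layout, and the zone never exposes the local-parts themselves, only their hashes.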