MX dot was (Re: [ietf-dkim] TXT wildcards SSP issues
Douglas Otis
dotis at mail-abuse.org
Mon Jun 4 17:49:57 PDT 2007
On Jun 4, 2007, at 4:35 PM, Damon wrote:
>>
>> It is? If I sign everything for my domain, I'd like to be able to
>> say that for both the top level domain, and all of the subdomains
>> too, right?
>
> I think it is better to say, '*' means: ...and everything else.
>
> So the subdomains that are not currently signed are covered under
> the '*' rule. Which begs the question, if ~any~ subdomain is
> signed, wouldn't the top level have to be signed even
> though it may be .nomail?

An "all email signed" assertion creates an identical discovery
problem as that of a statement of "no email sent." "No email sent"
is relevant to the DKIM process. A "no email sent" assertion might
provide protection against additional query traffic. It might also
provide recipients lower overhead when dealing with spoofed
signatures. It is not clear why a "no mail sent" assertion must be
excluded from a policy statement. Surely not every subdomain will be
signing messages and sending email.

-Doug