[ietf-dkim] Possible issue with Parent Domain logic in SSP
robert at barclayfamily.com
robert at barclayfamily.com
Tue Jan 8 10:55:49 PST 2008
> Date: Tue, 8 Jan 2008 10:34:27 -0800
> From: fenton at cisco.com
> To: robert at barclayfamily.com
> CC: ietf-dkim at mipassoc.org
> Subject: Re: [ietf-dkim] Possible issue with Parent Domain logic in SSP
>
> robert at barclayfamily.com wrote:
> > So if I am bank.com and have a significant problem with misuse of that
> > exact domain and want to use SSP to help mitigate that risk but I have
> > allocated a subdomain to some third part (say thirdparty.bank.com) it
> > looks like my choices come down to
> > 1) Publish SSP with dkim=unknown until thirdparty creates their own
> > SSP record for thirdparty.bank.com
> > 2) Take thirdparty.bank.com back from thirdparty and manage the DNS
> > for whatever services they provide myself
> > 3) Publish ssp with dkim=strict and let mail for thirdparty fail to be
> > validated
>
> There's a fourth option that is designed to cover exactly this case:
>
> 4) Publish ssp with dkim=strict and t=s and it will not apply to
> subdomains like thirdparty.bank.com.
>
> Of course, when you do this, it applies to all subdomains (and
> hostnames), not just thirdparty.
>
> Does this address your concern?
>
> -Jim
>
Yes, I think it does. Not sure how I missed that step.
Thanks,
Robert
_________________________________________________________________
Watch “Cause Effect,” a show about real people making a real difference.
http://im.live.com/Messenger/IM/MTV/?source=text_watchcause
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mipassoc.org/pipermail/ietf-dkim/attachments/20080108/ec57721f/attachment.html
More information about the ietf-dkim
mailing list