[ietf-dkim] use cases for wildcard policy assertions

Roland Turner roland.turner at boxsentry.com
Tue Apr 8 22:13:37 PDT 2008


On Tue, 2008-04-08 at 18:50 -0400, J D Falk wrote:

> Or there will be paranoid admins who would want to state "we don't send
> any mail at all from *, unless I state otherwise in a more-specific
> record."  In other words, they'd be trying to change the default state
> from "unknown" to "discardable."  Some of my personal domains would
> benefit from this; they're the ones where I currently have "v=spf1 -all"
> records.

This strikes me as a particularly interesting one. It's not pure paranoia
so much as fail-safe / default-access-denied thinking (not that this is
access-control per se).

Setting aside questions of whether consensus has already been reached,
and the painful technical details of trying to deal with hierarchies of
names rather than exact matches with individual domain names, it strikes me
that any reasonable "outsider" will look at a spec that doesn't allow
him to specify in one step (rather than hopefully-correctly attached to
every single zone entry now and through all future changes) "Acme Corp's
email is ALL signed, or it's not ours" and wonder what the spec authors
were thinking.

- Roland

-- 
Roland Turner | Product Manager, RealMail | BoxSentry Pte Ltd
3 Phillip Street, #13-03 Commerce Point, Singapore 048693
Mob: +65 96700022 | Skype: roland.turner | Fax. +65 65365463
roland.turner at boxsentry.com | www.boxsentry.com


