[ietf-dkim] protecting domains that don't exist
Charles Lindsey
chl at clerew.man.ac.uk
Tue Apr 15 04:14:12 PDT 2008
On Mon, 14 Apr 2008 21:52:43 +0100, John Levine <johnl at iecc.com> wrote:
> Two more observations: One is the assumption that mail from subdomains
> is somehow automatically equivalent to mail from the enclosing domain.
> I don't see any reason for this to be true. I have one opinion about
> mail from foo at aol.com, and a rather lower opinion of mail from
> foo at 327cb72e.ipt.aol.com, without needing any help from ADSP.
OTOH, the converse is likely to be relevant to quite a lot of domains,
even if it does not apply to aol.com.
>
> The other is that if you're so desperate to provide complete ADSP
> coverage of subdomains, you can do it right now with a specialized DNS
> server that does the equivalent of synthesizing names from
> _adsp._domainkey.*.example.com. This is no worse a hack than the
> sorta kinda approaches, but unlike all of them, it would actually
> work.
Yes, that look interesting. But presumably it is more or less equivalent
to doing the full tree walk and then cacheing the result (being careful to
observe TTL).
--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131
Web: http://www.cs.man.ac.uk/~chl
Email: chl at clerew.man.ac.uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
More information about the ietf-dkim
mailing list