[ietf-dkim] protecting domains that don't exist
chl at clerew.man.ac.uk
Tue Apr 15 04:14:12 PDT 2008
On Mon, 14 Apr 2008 21:52:43 +0100, John Levine <johnl at iecc.com> wrote:
> Two more observations: One is the assumption that mail from subdomains
> is somehow automatically equivalent to mail from the enclosing domain.
> I don't see any reason for this to be true. I have one opinion about
> mail from foo at aol.com, and a rather lower opinion of mail from
> foo at 327cb72e.ipt.aol.com, without needing any help from ADSP.
OTOH, the converse is likely to be relevant to quite a lot of domains,
even if it does not apply to aol.com.
> The other is that if you're so desperate to provide complete ADSP
> coverage of subdomains, you can do it right now with a specialized DNS
> server that does the equivalent of synthesizing names from
> _adsp._domainkey.*.example.com. This is no worse a hack than the
> sorta kinda approaches, but unlike all of them, it would actually
Yes, that look interesting. But presumably it is more or less equivalent
to doing the full tree walk and then cacheing the result (being careful to
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131
Email: chl at clerew.man.ac.uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
More information about the ietf-dkim