[ietf-dkim] requirement for one ADSP record per DNS entry makes ADSP undeployable
Eliot Lear
lear at cisco.com
Tue May 27 05:23:55 PDT 2008
Frank Ellermann wrote:
> Eliot Lear wrote:
>
>
>> an author domain administrator cannot adequately or easily express
>> the simple notion that only certain hosts are authorized to send
>> from a domain. We have thus missed the mark on what we are doing.
>>
>
> IMO "we" (TINW) are *not* reinventing SPF (or PRA a.k.a. Sender ID).
>
> The admin knows which domains are used for mail, in your example of
> a non-trivial organization these domains have MX records. Just add
> _adsp._domainkey.example.com for each example.com with an MX record.
The problem is when there are hundreds or thousands of hosts beneath
example.com. How many commercial DNS management systems can handle that
from a provisioning point of view?

Eliot
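
The per-name provisioning discussed in this exchange, sketched as an added example that is not part of the original message: it scans zone data for names that own an MX record and lists the `_adsp._domainkey` TXT records still to be created. The zone lines are constructed sample data, the function names are hypothetical, and the `dkim=all` policy value is an assumption, since the thread does not state one.

```python
# Added example: constructed zone data, not taken from the thread.
ZONE = """\
example.com.        IN MX 10 mail.example.com.
example.com.        IN A  192.0.2.1
mail.example.com.   IN A  192.0.2.10
news.example.com.   IN MX 10 mail.example.com.
host1.example.com.  IN A  192.0.2.21
host2.example.com.  IN MX 20 mail.example.com.
_adsp._domainkey.example.com. IN TXT "dkim=all"
"""


def parse(zone):
    """Return (owner, rtype) pairs from one-line 'owner IN TYPE rdata' records."""
    records = []
    for line in zone.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[1].upper() == "IN":
            records.append((fields[0].lower(), fields[2].upper()))
    return records


def missing_adsp(zone):
    """Names that own an MX record but lack _adsp._domainkey.<name> TXT."""
    records = parse(zone)
    mx_owners = sorted({owner for owner, rtype in records if rtype == "MX"})
    txt_owners = {owner for owner, rtype in records if rtype == "TXT"}
    return [o for o in mx_owners if "_adsp._domainkey." + o not in txt_owners]


def adsp_records(zone, policy="dkim=all"):
    """Zone lines to add; the default policy value is an assumption."""
    return ['_adsp._domainkey.%s IN TXT "%s"' % (owner, policy)
            for owner in missing_adsp(zone)]


if __name__ == "__main__":
    todo = adsp_records(ZONE)
    print("%d ADSP record(s) to provision:" % len(todo))
    for line in todo:
        print(line)
```

Each MX-bearing name needs its own record, so the size of the output grows with the number of such hosts in the zone.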