On 9/6/10 7:59 PM, Jim Fenton wrote: > If you are using a subdomain and want to be doubly sure that nobody is > using the parent domain check, you might want to publish an explicit > ADSP record for the domain rather than rely on the default of > "unknown" if that is what you want to assert. Jim,
Are you suggesting corp.paypal.com should use ADSP dkim=all? This is still likely to disrupt some mailing-list messages that corp.paypal.com might desire to share, and allow spoofed messages to gain acceptance using corp.paypal.com. How will recipients know Jon Doe <[email protected]> is less trustworthy than Jon Doe <[email protected]>? Bad actors may only need recipients to click on an attachment displayed as "paypal-policy.docx" referencing paypal-policy.docx.exe, or a link offering details on obtaining Referral Benefit pay-outs. Ideally, only one domain should be used to exchange email, but currently ADSP is unable to safely permit this practice. Unfortunately, subdomains are nearly as confusing as cousin domains. However a recipient is likely to be more wary of cousin domains and to recognize paypal.com and trust its subdomains more than they should in this case. -Doug _______________________________________________ dkim-ops mailing list [email protected] http://mipassoc.org/mailman/listinfo/dkim-ops
