No, I'm suggesting that they publish an explicit dkim=unknown if that is their intent.
-Jim On Sep 7, 2010, at 4:31 AM, Douglas Otis <[email protected]> wrote: > On 9/6/10 7:59 PM, Jim Fenton wrote: >> If you are using a subdomain and want to be doubly sure that nobody is >> using the parent domain check, you might want to publish an explicit >> ADSP record for the domain rather than rely on the default of >> "unknown" if that is what you want to assert. > Jim, > > Are you suggesting corp.paypal.com should use ADSP dkim=all? This is > still likely to disrupt some mailing-list messages that corp.paypal.com > might desire to share, and allow spoofed messages to gain acceptance > using corp.paypal.com. > > How will recipients know Jon Doe <[email protected]> is less > trustworthy than Jon Doe <[email protected]>? Bad actors may only need > recipients to click on an attachment displayed as "paypal-policy.docx" > referencing paypal-policy.docx.exe, or a link offering details on > obtaining Referral Benefit pay-outs. > > Ideally, only one domain should be used to exchange email, but currently > ADSP is unable to safely permit this practice. Unfortunately, > subdomains are nearly as confusing as cousin domains. However a > recipient is likely to be more wary of cousin domains and to recognize > paypal.com and trust its subdomains more than they should in this case. > > -Doug > _______________________________________________ > dkim-ops mailing list > [email protected] > http://mipassoc.org/mailman/listinfo/dkim-ops _______________________________________________ dkim-ops mailing list [email protected] http://mipassoc.org/mailman/listinfo/dkim-ops
