I want to thank everyone who chimed in with their informed opinions. Unfortunately I'm still where I started, i.e. smart, informed, well meaning professionals have completely opposing views on what "best practice" is in this regard.
-- Brett

On Sep 8, 2010, at 3:41 PM, Hector Santos wrote:

> Douglas Otis wrote:
>> On 9/8/10 11:23 AM, Jim Fenton wrote:
>>> No, I'm suggesting that they publish an explicit dkim=unknown if that is
>>> their intent.
>> It seems unlikely dkim=unknown will support their goal of ensuring most
>> phishing attempts are blocked. It also seems unlikely this assertion
>> will override rules intent on eliminating subdomain spoofing not
>> otherwise handled by ADSP dkim=discardable.
>>
>> The TPA-Label draft attempted to avoid the dilemma created by
>> dkim=discardable in respect to normal email use and its undefined
>> handling of subdomains.
>>
>> IMHO, their best choice is likely to keep their corporate domain
>> separate from their web presence and its transactional email.
>
> +1.
>
> The worst thing they can do is to have a relaxed policy with anything
> resembling their brand name and domain, especially corp.paypal.com, in
> public channels. The unfortunate thing is that we are currently warming
> up systems to view 3PS signatures as an "acceptable" idea and the only
> way to deal with it is the single source vouching of the last signer
> in the path. That single source vouching isn't going to happen. Not
> every verifier is going to be buying into a single vendor vouching for
> signers.
>
>> If they do
>> follow your advice, their results would prove informative for others.
>
> DKIM=UNKNOWN will only provide value for SSA (Special Signing
> Arrangement).
>
> It will negatively impact a high value domain like paypal when it begins
> to negatively warm up systems that don't have an association with a SSA.
>
> --
> Hector Santos, CTO
> http://www.santronics.com
> http://santronics.blogspot.com
>
> _______________________________________________
> dkim-ops mailing list
> [email protected]
> http://mipassoc.org/mailman/listinfo/dkim-ops
