John Levine wrote:

>>> It certainly is an option, and it would certainly work. But
>> personally, I reserve use of the words "best practice" for things that
>> have been shown to work better than all other options. I don't know
>> that that's been measured yet.
>> Good point... I figured someone would say it :-)
>
> The real problem is that we're all guessing. If everyone followed the
> rules for DKIM and ADSP, it wouldn't matter what domains you used,
> since the specs make it quite clear that as far as DKIM is concerned,
> there's no relation between one domain and another, even if one is a
> subdomain of another.

But here you are expressing an opinion not everyone agrees with now the 4871 specs say this. I don't endorse what 4871bis says about separating the association because it's another engineering conflict and mistake.

As long as the DKIM binds the 5322.From as a signature requirement - not an option, it will always, by technical engineering design, be an association and relationship.

Yes, we all know you want to break that relationship hence all the policy conflicts. You just can't have software do one thing and use "words" to say it means nothing. It doesn't work. It doesn't make sense and you will always have that thorn on the side.

If you want to break that signature bind, then remove the 4871 requirement to hash the 5322.From header. Only then will it make sense. But I still think you will never break the ultimate association: From::Message that everyone sees, regardless of who signs.

--
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com

_______________________________________________
dkim-ops mailing list
[email protected]
http://mipassoc.org/mailman/listinfo/dkim-ops
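
The header-level relationship the message above argues about, as an added example that is not part of the original post or of any DKIM implementation: it checks that `from` is listed in a signature's `h=` tag, which the post says RFC 4871 requires, and compares the `d=` domain with the From domain by name only. The sample message, its placeholder `bh=`/`b=` values and the function names are constructed for illustration; no cryptographic verification is performed.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not from the thread); bh= and b= are placeholders.
SAMPLE = """\
DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel1;
 h=from:to:subject:date; bh=PLACEHOLDER; b=PLACEHOLDER
From: Alice <alice@news.example.com>
To: bob@example.net
Subject: test

body
"""

def parse_tags(value):
    """Split a DKIM-Signature header value into its tag=value pairs."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, _, val = part.partition("=")
            tags[name.strip()] = "".join(val.split())  # drop folding whitespace
    return tags

def relation(signer, author):
    """Describe how the d= domain relates to the From domain (string comparison only)."""
    signer, author = signer.lower().rstrip("."), author.lower().rstrip(".")
    if signer == author:
        return "same"
    if author.endswith("." + signer):
        return "signer is parent of author domain"
    if signer.endswith("." + author):
        return "signer is subdomain of author domain"
    return "unrelated"

def inspect(raw):
    """Report whether From is covered by h= and how d= compares to the From domain."""
    msg = message_from_string(raw)
    tags = parse_tags(msg["DKIM-Signature"])
    signed = [h.strip().lower() for h in tags.get("h", "").split(":")]
    author_domain = parseaddr(msg["From"])[1].rpartition("@")[2]
    return {
        "from_signed": "from" in signed,
        "d": tags.get("d"),
        "author_domain": author_domain,
        "relation": relation(tags.get("d", ""), author_domain),
    }

if __name__ == "__main__":
    print(inspect(SAMPLE))
```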
