> -----Original Message----- > From: MH Michael Hammer (5304) [mailto:[email protected]] > Sent: Monday, September 13, 2010 12:27 PM > To: Murray S. Kucherawy; McDowell, Brett > Cc: [email protected] > Subject: RE: [dkim-ops] BCP for authorizing third-parties ([...] was > subdomain vs. cousin domain) > > Actually not quite true Murray. > > If I am signing for americangreetings.com and I delegate > email.americangreetings.com to ExactTarget (a real example) and they > are > generating their own keys for email. and signing, that is a first party > signature as far as the verifier is concerned (not 3rd party). > > It also doesn't integrate email. into the base domain of > americangreetings.com from a verifier perspective.
But I, as a verifier, can't tell that email.americangreetings.com is actually a third party. It's just another domain to me. Things like TPA or DSAP attempt to make the delegation of authority visible, but the ones that use DNS mechanisms like CNAME and NS don't do so. _______________________________________________ dkim-ops mailing list [email protected] http://mipassoc.org/mailman/listinfo/dkim-ops
