> -----Original Message----- > From: Murray S. Kucherawy [mailto:[email protected]] > Sent: Monday, September 13, 2010 3:21 PM > To: MH Michael Hammer (5304); McDowell, Brett > Cc: [email protected] > Subject: RE: [dkim-ops] BCP for authorizing third-parties ([...] was > subdomain vs. cousin domain) > > > -----Original Message----- > > From: MH Michael Hammer (5304) [mailto:[email protected]] > > Sent: Monday, September 13, 2010 12:09 PM > > To: McDowell, Brett; Murray S. Kucherawy > > Cc: [email protected] > > Subject: RE: [dkim-ops] BCP for authorizing third-parties ([...] was > > subdomain vs. cousin domain) > > > > There is actually another approach besides what you indicate above. A > > domain can delegate a domain or subdomain to the 3rd party and let them > > generate the keys and signature. > > Yes, that's true. But both methods effectively make the third-party > signer a part of the same domain as far as DKIM goes, inasmuch as the > delegation is transparent to the verifier. So, in the end, they look > identical.
Actually not quite true Murray. If I am signing for americangreetings.com and I delegate email.americangreetings.com to ExactTarget (a real example) and they are generating their own keys for email. and signing, that is a first party signature as far as the verifier is concerned (not 3rd party). It also doesn't integrate email. into the base domain of americangreetings.com from a verifier perspective. Mike _______________________________________________ dkim-ops mailing list [email protected] http://mipassoc.org/mailman/listinfo/dkim-ops
