On Tue, Feb 14, 2006 at 03:21:35PM -0800, Markley, Mike allegedly wrote:
> Jim Fenton asked me to write a blurb on this after discussing it with
> him at the DKIM conference in Santa Clara.
>
> My understanding of the rules around the domain and the identity of a
> message is that the identity (i=) must always be the same as the domain
> (d=), OR a subdomain of it. Then, the public key published at
> <selector>._domainkey.<domain> will be looked up.
>
> I am not, however, aware of any mechanism for preventing a malicious TLD

Presumably a malicious TLD operator can also change what name servers
answer for your domain in which case they can completely assume your
identity as far as DKIM is concerned.

Mark.
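
The i=/d= rule and the key lookup name described in the quoted message, as an added example that is not part of the original thread. The header values are constructed, the function names are hypothetical, and the default for a missing i= tag is an assumption taken from RFC 6376.

```python
import re

def parse_tags(header_value):
    """Split a DKIM-Signature header value into a {tag: value} dict."""
    tags = {}
    for part in header_value.split(";"):
        if "=" not in part:
            continue
        name, value = part.split("=", 1)
        # Whitespace (including header folding) is not significant in d=, s=, i=.
        tags[name.strip()] = re.sub(r"\s+", "", value)
    return tags

def identity_within_domain(tags):
    """True when the domain of i= equals d= or is a subdomain of it."""
    d = tags["d"].lower().rstrip(".")
    # Assumption: with no i= tag the identity defaults to "@" + d= (RFC 6376).
    identity = tags.get("i", "@" + d)
    if "@" not in identity:
        return False
    i_domain = identity.rsplit("@", 1)[1].lower().rstrip(".")
    # Compare on a label boundary so "badexample.com" does not match "example.com".
    return i_domain == d or i_domain.endswith("." + d)

def key_query_name(tags):
    """DNS name the verifier queries: <selector>._domainkey.<domain>."""
    return "{}._domainkey.{}".format(tags["s"], tags["d"].lower().rstrip("."))

# Constructed header values for illustration (b= and bh= omitted).
SAMPLES = [
    "v=1; a=rsa-sha256; d=example.com; s=sel1; i=user@example.com",
    "v=1; a=rsa-sha256; d=example.com; s=sel1; i=user@mail.example.com",
    "v=1; a=rsa-sha256; d=example.com; s=sel1",
    "v=1; a=rsa-sha256; d=example.com; s=sel1; i=user@badexample.com",
    "v=1; a=rsa-sha256; d=example.com; s=sel1; i=user@example.org",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        tags = parse_tags(raw)
        print(identity_within_domain(tags), key_query_name(tags), raw)
```

Passing this check says nothing about who controls the zone that answers for the query name, which is the concern raised in the reply.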
