----- Original Message ----- From: "SM" <[EMAIL PROTECTED]>
> This discussion seems to be about "Should we have an r= tag in > either the signature or key record" > >> A report vector acquired from the signing-domain would concern >> _only_ messages they have signed, and not messages that >> happen to contain an email-address within their domain. For >> domains where use of their > Are you talking about reporting DKIM signatures that cannot be > verified? If so, I don't see how you can trust the report vector > acquired from the signing-domain. IMO, its not as much an issue of trust, it could be a form of attacks, but so about rather operations. What are the report limits? Is the report-domain paying the validator to send reports, because if not, it could be pretty costly. I believe there are few implementations in SPF with reporting logic and I believe it uses some limits in report/notification. If the notification is not confirmed, then the domain is blocked in future failed transactions. Similar hindsight will be required for DKIM as well if this r= feature is to be part of the specs. -- Hector Santos, Santronics Software, Inc. http://www.santronics.com _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
