>For comparison: Do people actually get spam based on, for example, the
>contact address published in SOA records at the top of a DNS zone? I've
>never heard of such a thing.

No, but they definitely get spam at anything that looks like an address that can be scraped out of a web archive.

>For a domain that has only a few selectors in use, sure. But suppose
>someone starts using keys on a per-user basis (or any other method that
>requires a huge number of signing keys), then changes the hash
>requirements. Any large organization could then have an enormous number
>of records to update. It sure would be nice to be able to change it in
>just one place, like a signing policy.

Any organization that creates an enormous number of records and doesn't have automated ways to manage and update them has worse problems than we can solve.

Key management strikes me as another item that would be appropriate for a BCP rather than in the DKIM spec.

R's,
John
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
