Mike Wolf wrote: > While on the topic of "o=", how about allowing a list of approved > third party signers to be included, rather than just declaring that > either no third party signing is allowed or everyone and their mother > can sign on your behalf? > This seems like an obvious improvement that could be > backwards-compatible with the current draft and would allow senders to > explicitly enumerate those third parties that are allowed to sign on > their behalf. > If I am missing some other way to do this or there is some reason why > this makes no sense, just explain it to me. > - Mike Wolf > One concern is that this doesn't scale. I have heard one large financial institution say that they have over 100 external senders of email.
Another concern is privacy; does a large corporation really want to enumerate a list of its mailing partners? It also makes the messages sent by the external party less "seamless" (it looks more like an external sender) and muddies the question of who is really responsible for the message, the originating domain or the party sending messages on their behalf. The preferred way to do this is to publish a key record (selector) for the external sender of email. The external sender signs messages just as if they were their client, and the client retains control of the relationship by being able to revoke a key record at any time. -Jim _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
