>It seems like a small benefit we're getting through "parental" signing,
>offset by a small threat. How do others feel about this?

There's no threat. Despite a certain amount of wishful thinking to the contrary, the design of DNS makes subdomains absolutely completely under the control of the domains from which they are delegated. If you want to limit what the organization running your parent domain can do, you do so by contracts and lawsuits, not anything technical.

I have always opposed making rules that can't be enforced, and a no parent rule would be completely unenforceable since a parent domain could, if so inclined, use any of a wide variety of techniques to stuff records into subdomains anyway.

On the other hand, it's not hard to think of uses for parent signatures. For example, Time Warner's Roadrunner cable service is organized into geographic regions with each region having addresses in its own mail domain, such as [EMAIL PROTECTED] here in central NY. But they have one abuse desk for the whole company, so it's quite plausible that they'd want to do the signing from rr.com.

R's,
John
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
