[EMAIL PROTECTED] wrote: > As an ISP we route customer mail thru our mta's, we have business customers > that may use their own mta's. If a customer determines that entity at foo.com > wishes to use use bar.com's mta are you saying that bar.com should not sign > on foo.com's behalf? Will that no present a problem with the reception of > foo.com's mail down stream when dkim sigs are expected everywhere? How do we > resolve that? > Bill,
This is a different issue entirely. Currently, foo.com is automatically entitled to sign for addresses in subdomains, e.g., [EMAIL PROTECTED], without any additional publication of keys. This doesn't affect the ability of foo.com to delegate authority to sign messages to bar.com. So as an ISP, your customers would have the choice of signing messages themselves using their own MTAs, or allowing you to sign messages for them by publishing public keys (selectors) in DNS which correspond to private keys you hold. In any case, it's also OK for you to also apply a signature as cox.com if you want, although for SSP purposes this would be considered a "third party" signature since it isn't a signature on behalf of the origination address. -Jim _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
