Jim,

So if they use our MTAs, the signatures would in fact be from cox.com, as I don't believe there is a method to have us sign as foo.com, as the reverse lookup for foo.com wouldn't match where the mail is coming from, unless I am missing a lot here. Please explain.

Thanks,
Bill Oxley
Messaging Engineer
Cox Communications, Inc.
Alpharetta GA
404-847-6397
[EMAIL PROTECTED]

-----Original Message-----
From: Jim Fenton [mailto:[EMAIL PROTECTED]
Sent: Thursday, April 13, 2006 6:42 PM
To: Oxley, Bill (CCI-Atlanta)
Cc: [email protected]
Subject: Re: [ietf-dkim] New issue: Signing by parent domains

[EMAIL PROTECTED] wrote:
> As an ISP we route customer mail through our MTAs; we have business customers that may use their own MTAs. If a customer determines that an entity at foo.com wishes to use bar.com's MTA, are you saying that bar.com should not sign on foo.com's behalf? Will that not present a problem with the reception of foo.com's mail downstream when DKIM sigs are expected everywhere? How do we resolve that?
>

Bill,

This is a different issue entirely. Currently, foo.com is automatically entitled to sign for addresses in subdomains, e.g., [EMAIL PROTECTED], without any additional publication of keys. This doesn't affect the ability of foo.com to delegate authority to sign messages to bar.com.

So as an ISP, your customers would have the choice of signing messages themselves using their own MTAs, or allowing you to sign messages for them by publishing public keys (selectors) in DNS which correspond to private keys you hold. In any case, it's also OK for you to also apply a signature as cox.com if you want, although for SSP purposes this would be considered a "third party" signature since it isn't a signature on behalf of the origination address.

-Jim

_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
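The delegation and "third party" cases from this thread, as an added example that is not part of the original messages: it builds the DNS name a verifier queries for the key from the signature's s= and d= tags, and classifies a signature against the From address using the parent-domain rule as described in the reply above. The function names, selector names and sample headers are constructed for illustration.

```python
import re

def parse_tags(header_value):
    """Parse a DKIM-Signature tag=value list into a dict."""
    tags = {}
    for part in header_value.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = re.sub(r"\s+", "", value)  # drop folding whitespace
    return tags

def key_record_name(tags):
    """DNS name of the public key record: <selector>._domainkey.<signing domain>.
    It is built from the s= and d= tags of the header alone."""
    return f"{tags['s']}._domainkey.{tags['d']}".lower()

def classify(tags, from_addr):
    """'originator' if d= equals or is a parent of the From domain
    (the rule as described in the thread), otherwise 'third-party'."""
    from_domain = from_addr.rsplit("@", 1)[1].lower().rstrip(".")
    d = tags["d"].lower().rstrip(".")
    if from_domain == d or from_domain.endswith("." + d):
        return "originator"
    return "third-party"

def report(signatures, from_addr):
    """Return (key record name, classification) for each signature header."""
    out = []
    for sig in signatures:
        tags = parse_tags(sig)
        out.append((key_record_name(tags), classify(tags, from_addr)))
    return out

# Constructed sample headers; selectors "isp1" and "mta" are made up and the
# bh=/b= values are placeholders, not real hashes or signatures.
DELEGATED = "v=1; a=rsa-sha256; d=foo.com; s=isp1; h=from:to:subject; bh=PLACEHOLDER; b=PLACEHOLDER"
ISP_OWN = "v=1; a=rsa-sha256; d=cox.com; s=mta; h=from:to:subject; bh=PLACEHOLDER; b=PLACEHOLDER"

if __name__ == "__main__":
    # Mail from a foo.com subdomain relayed through the ISP's MTA, carrying both signatures.
    for name, kind in report([DELEGATED, ISP_OWN], "user@sales.foo.com"):
        print(f"{name:28} {kind}")
```

In the delegated case foo.com publishes the key record under its own domain while the ISP holds the matching private key, so the signature carries d=foo.com even though the ISP's MTA applied it.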
