On Jul 28, 2006, at 3:51 PM, william(at)elan.net wrote:
> Additional benefit is that with redirection whoever put up the
> policy can actually produce some statistics about which of the 3pl
> listed domains are actually seen in the emails (based on dns logs
> for <domain>._3pl._policy).

This seems like a clever idea, but there is really no need for two
queries.

The query would be <signing-domain>._dkim-policy.<domain>

  $ORIGIN <domain>
  *._dkim-policy               RR "DSDL: <domain> MODE: closed"
  designated-1._dkim-policy    RR "DSDL: <designated-1> MODE: closed"
  designated-2._dkim-policy    RR "DSDL: <designated-2> MODE: closed"
  *.designated-3._dkim-policy  RR "DSDL: <*.designated-3> MODE: closed"

Either a signing domain is designated or it is not. There is no
reason to indicate the designated domain is also within the same
domain as that of the OA. The only other useful element to validate a
source would be to indicate whether other non-designated domains are
valid sources. When other non-designated domains are allowed (open),
it seems pointless to attempt to indicate whether these undefined
domains should also be using DKIM.

-Doug
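
The single-query lookup described in the message above, as an added example that is not part of the original post: it builds the `<signing-domain>._dkim-policy.<domain>` name and resolves it against an in-memory copy of the zone using standard DNS wildcard rules (RFC 4592), going slightly beyond the message to show what the catch-all does and does not cover. All domain names are constructed placeholders and the function names are hypothetical.

```python
# Constructed zone for the OA domain example.com, laid out as in the message.
# Domain names are placeholders; the message's "RR" type is left abstract.
OA = "example.com"
ZONE = {
    "*._dkim-policy.example.com": "DSDL: example.com MODE: closed",
    "mail.example.net._dkim-policy.example.com": "DSDL: mail.example.net MODE: closed",
    "lists.example.org._dkim-policy.example.com": "DSDL: lists.example.org MODE: closed",
    "*.esp.example._dkim-policy.example.com": "DSDL: *.esp.example MODE: closed",
}

def policy_qname(signing_domain, oa_domain):
    """Build the one query name: <signing-domain>._dkim-policy.<domain>."""
    return f"{signing_domain.lower().rstrip('.')}._dkim-policy.{oa_domain.lower().rstrip('.')}"

def existing_names(zone):
    # Every ancestor of an owner name exists too (as an empty non-terminal).
    names = set()
    for owner in zone:
        labels = owner.split(".")
        names.update(".".join(labels[i:]) for i in range(len(labels)))
    return names

def lookup(zone, qname):
    # Returns (status, matched owner or closest encloser, rdata).
    if qname in zone:
        return ("exact", qname, zone[qname])
    present = existing_names(zone)
    if qname in present:
        return ("nodata", qname, None)  # name exists but holds no record
    labels = qname.split(".")
    for i in range(1, len(labels)):
        encloser = ".".join(labels[i:])
        if encloser in present:  # closest encloser: longest existing ancestor
            wild = "*." + encloser
            if wild in zone:
                return ("wildcard", wild, zone[wild])
            return ("nxdomain", encloser, None)
    return ("nxdomain", None, None)

def check(signing_domain, oa_domain=OA, zone=ZONE):
    return lookup(zone, policy_qname(signing_domain, oa_domain))

if __name__ == "__main__":
    for s in ("mail.example.net", "a.esp.example", "esp.example",
              "unknown.invalid", "other.example.net"):
        print(s, check(s))
```

Note that `other.example.net` gets no answer at all rather than the catch-all record, because the designated `mail.example.net` entry makes `example.net._dkim-policy.example.com` an existing name that blocks wildcard synthesis beneath it; a verifier has to treat that outcome, and the NODATA answer for `esp.example` itself, as "not designated" rather than as a lookup failure.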