In addition, we completely ignore DomainKey junk like where nearly most of the time it fails anyway. It is a prime example of the JUNK we are trying to eliminate.
===
HLS

----- Original Message -----
From: "Hallam-Baker, Phillip" <[EMAIL PROTECTED]>
To: "John L" <[EMAIL PROTECTED]>; "DKIM List" <[email protected]>
Sent: Tuesday, August 29, 2006 7:41 PM
Subject: RE: [ietf-dkim] Delegated signatures in real life

> Orbitz might not care about the security issues raised by allowing
> doubleclick to sign messages on behalf of their CEO and other
> executives. Many others will.
>
> This is a security area spec, least privilege must apply
> wherever possible.
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of John L
> > Sent: Tuesday, August 29, 2006 6:18 PM
> > To: DKIM List
> > Subject: [ietf-dkim] Delegated signatures in real life
> >
> > Here's the headers from a message that Doubleclick just sent
> > to my Yahoo account on behalf of Orbitz. Note that the From:
> > address and DK signature are in email.orbitz.com, even though
> > it was sent by Doubleclick from a Doubleclick IP. Yahoo
> > thoughtfully displayed a little now saying that the DK
> > signature was good when I looked at the message. I also
> > include the key record, retrieved from Doubleclick's name servers.
> >
> > Senders already use NS delegation to let third parties put on
> > first party DK signatures. It works. It's popular. There
> > is no need to invent another way to solve this solved problem.
> >
> > Regards,
> > John Levine, [EMAIL PROTECTED], Primary Perpetrator of "The
> > Internet for Dummies", Information Superhighwayman wanna-be,
> > http://www.johnlevine.com, Mayor "More Wiener schnitzel,
> > please", said Tom, revealingly.
> >
> >
> > X-Apparently-To: [EMAIL PROTECTED] via 206.190.38.154; Tue,
> > 29 Aug 2006 07:42:48 -0700
> > X-Originating-IP: [198.31.62.19]
> > Authentication-Results: mta162.mail.mud.yahoo.com
> > from=email.orbitz.com; domainkeys=pass (ok)
> > Received: from 198.31.62.19 (EHLO mta.email.orbitz.com)
> > (198.31.62.19)
> > by mta162.mail.mud.yahoo.com with SMTP; Tue, 29 Aug 2006
> > 07:40:52 -0700
> > DomainKey-Signature: s=dk; d=email.orbitz.com; c=nofws;
> > q=dns;
> > b=nUvGhBPdC8bKVo8E/nLbHWcPJE7mFu83ePkSkmcE91EYdNUb7Wl4emekvK3t
> > kHzRCu1u94C7oWy5xX/HOjRBOkudiRdnWaTMkZmHypYllnuyUX71y7WhkeojckSbInn6;
> > Date: Tue, 29 Aug 2006 10:40:32 -0400 (EDT)
> > From: "Orbitz"<[EMAIL PROTECTED]>
> > To: [EMAIL PROTECTED]
> > Subject: Joe, Sale Ending & Rochester Flights from $142 r/t
> > MIME-Version: 1.0
> > Content-Type: text/html; charset="us-ascii"
> > Content-Transfer-Encoding: 7bit
> > Content-Length: 6278
> >
> > (look for the key record)
> >
> > $ dig dk._domainkey.email.orbitz.com txt
> >
> > ; <<>> DiG 9.3.1 <<>> dk._domainkey.email.orbitz.com txt
> > ;; global options: printcmd
> > ;; Got answer:
> > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23293
> > ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
> >
> > ;; QUESTION SECTION:
> > ;dk._domainkey.email.orbitz.com. IN TXT
> >
> > ;; ANSWER SECTION:
> > dk._domainkey.email.orbitz.com. 21600 IN TXT
> > "p=MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhALdLXrYpY2RRUPHr6ph9jVnrFAY
> > vyNjEgGVRmxjiu2EUBEyQDKFOSiDzS00xN/HaIt5IknLJumgu/YdaHhHAgsnnO
> > RUV1JwDcOZ3Xo3Iz9cT3ojg4us6SpQhl01dVGS6dwIDAQAB\;"
> >
> >
> > _______________________________________________
> > NOTE WELL: This list operates according to
> > http://mipassoc.org/dkim/ietf-list-rules.html
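
Added example, not part of the original thread or anyone's posted code: a short Python audit of the quoted DomainKey-Signature header and key record, showing the DNS name a verifier queries (the name that NS delegation hands to the third party) and which sender addresses the published key can vouch for. The d= and g= matching follows the DomainKeys rules in RFC 4870; the sender addresses and the g=newsletter record are constructed for illustration.

```python
# Values copied from the quoted message; the base64 signature and key are
# replaced by placeholders because this sketch does no cryptography.
SIG_HEADER = "s=dk; d=email.orbitz.com; c=nofws; q=dns; b=<signature>;"
KEY_RECORD = "p=<public-key>;"


def parse_tags(text):
    """Split a 'tag=value; tag=value' list into a dict, dropping folding whitespace."""
    tags = {}
    for part in text.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = "".join(value.split())
    return tags


def key_query_name(sig):
    """DNS name a verifier looks up: <selector>._domainkey.<signing domain>."""
    return f"{sig['s']}._domainkey.{sig['d']}"


def key_covers(sender, sig, key):
    """True if this key may vouch for `sender` under the d= and g= rules."""
    local, _, domain = sender.rpartition("@")
    domain, d = domain.lower(), sig["d"].lower()
    if domain != d and not domain.endswith("." + d):
        return False  # d= must be the sender's domain or a parent of it
    g = key.get("g", "")
    return g == "" or g == local  # empty or absent g= matches every local part


if __name__ == "__main__":
    sig, key = parse_tags(SIG_HEADER), parse_tags(KEY_RECORD)
    print("key lookup:", key_query_name(sig))
    # Constructed sender addresses (the real ones are redacted on the page).
    for sender in ("newsletter@email.orbitz.com", "ceo@email.orbitz.com"):
        print(sender, "covered by published key:", key_covers(sender, sig, key))
    scoped = parse_tags("g=newsletter; p=<public-key>;")  # hypothetical narrower record
    print("ceo@email.orbitz.com covered by g=newsletter key:",
          key_covers("ceo@email.orbitz.com", sig, scoped))
```

The published record carries no g= tag, so the delegated key is valid for every local part under email.orbitz.com; a record with a non-empty g= would confine it to one.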
