On Wed, 2006-09-06 at 10:08 -0400, Damon wrote:
> Only because people insist that it *must* work in every scheme they
> can make up. I believe that we could implement what we have discussed
> and the fact that it won't work for everybody should be an asterisk.
> It will work for most systems and I am comfortable with that.
> Implementation is not a requirement.

What percentage of domains want to experience delivery issues when the 2822.From address is not signed by the same domain? An annotation scheme aimed at assuring an originating address should be able to satisfy virtually all domains.

Introduce an optional m=<email-address> parameter to both the signature field and the key. This optional parameter could then work in conjunction with a designated domain when assuring this email-address. (Some might call this address a PRA, but it would not depend upon any proprietary algorithm.)

An optional parameter added to the DKIM signature header not limited to a specific domain, as well as policy records that can associate signing domains with these other domains, offer far better coverage. Making this change would permit the largest percentages of the email-addresses to be assured by DKIM, while also permitting simple autonomous administration. This would fully leverage the capabilities of a policy record, where its administration also has a chance of scaling.

-Doug

_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
