On Sep 6, 2006, at 1:47 PM, J.D. Falk wrote:

> On 2006-09-06 10:45, Hallam-Baker, Phillip wrote:
>
>> The main value I see in user level policy is easing phased deployment. If you are a bank with 100,000 employees with email and you want to deploy DKIM you probably want some form of hook that lets you do it in stages.
>
> So they'll have 100,000 SSP records?
>
> Perhaps there's an easier, more flexible, more scalable hook...like "we don't sign all mail."

The application envisioned would be to limit annotations for email-addresses where an assurance is desired. This avoids needing to have a local-part pre-entered into the address book when this is used as an annotation filter. Perhaps these addresses would be accounts@ or administrator@, and something different later. Just a simple list could be used when only a few email-addresses warrant special annotations. There is also an ability to use a hash of the local-part over a domain lookup method to infinitely expand this list, at the expense of an added DNS transaction. These records should be small and short-lived.

Financial institutions would then be able to limit the number of email-addresses automatically receiving special annotations. Transactional messages could by convention use specific email-addresses for these messages. The convention in use would be conveyed by the policy record. Perhaps Yahoo! could use admin@ or accounts@ addresses to differentiate staff or transactional messages from those of other users. The number of these email-addresses will likely be fairly limited, and can be limited by convention.

If there is a desire to apply a policy to all but a few email-addresses, then a hash over domain method in conjunction with a wildcard offers another solution.

-Doug
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
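
Added example, not part of the message above or of any DKIM draft: a sketch of the hash-of-local-part lookup in both forms discussed, a short list of assured addresses and an "all but a few" policy using a wildcard. The `_policy` label, the SHA-1/base32 encoding, lowercasing of the local-part, the record values and the `bank.example` data are all assumptions; the message specifies none of them.

```python
import base64
import hashlib

POLICY_LABEL = "_policy"  # assumed label; the message names none


def local_part_label(local_part: str) -> str:
    """Map a local-part of any length to one fixed-size DNS label.

    Assumed encoding: SHA-1 over the lowercased local-part, base32, lowercase.
    20 bytes encode to exactly 32 characters, inside the 63-octet label limit.
    """
    digest = hashlib.sha1(local_part.lower().encode("utf-8")).digest()
    return base64.b32encode(digest).decode("ascii").lower()


def query_name(address: str) -> str:
    """Name a verifier would query: <hash>._policy.<domain>."""
    local_part, _, domain = address.rpartition("@")
    if not local_part or not domain:
        raise ValueError(f"not an email address: {address!r}")
    return f"{local_part_label(local_part)}.{POLICY_LABEL}.{domain.lower()}."


def make_zone(domain: str, per_address: dict, default=None) -> dict:
    """Build a toy zone: one record per listed local-part, optional wildcard."""
    zone = {query_name(f"{lp}@{domain}"): txt for lp, txt in per_address.items()}
    if default is not None:
        zone[f"*.{POLICY_LABEL}.{domain}."] = default
    return zone


def lookup(zone: dict, address: str):
    """Answer as a DNS server would: exact name first, then the wildcard."""
    name = query_name(address)
    if name in zone:
        return zone[name]
    return zone.get("*." + name.split(".", 1)[1])  # None when nothing is published


# Constructed sample data: only a few addresses carry an assurance ...
FEW_ASSURED = make_zone("bank.example",
                        {"accounts": "assured", "administrator": "assured"})
# ... or every address does except the listed ones (wildcard plus exceptions).
ALL_BUT_FEW = make_zone("bank.example", {"newsletter": "unassured"},
                        default="assured")

if __name__ == "__main__":
    for addr in ("accounts@bank.example", "jane@bank.example"):
        print(addr, lookup(FEW_ASSURED, addr), lookup(ALL_BUT_FEW, addr))
```

Either zone holds one record per exception rather than one per mailbox, and each check costs the single extra DNS query the message mentions.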
