Michael Thomas wrote:
> That may be a use (though pretty unlikely to me), but the use case that I've
> heard of is more aimed at securing things like [EMAIL PROTECTED] without
> having to say "I sign everything" for the entire domain which is assumedly a
> lot harder. The thing about this is that you can alternately set up a record for
> [EMAIL PROTECTED] or somesuch which would work the same way.
> I've heard it expressed that that is problematic for some people, but I frankly
> don't remember why at this point. Hopefully somebody can remind me.

Suppose that, at the domain level, bigbank.com can't say it signs everything but accounts.bigbank.com does. If someone received a spoofed message from [EMAIL PROTECTED] which didn't contain a valid signature, the fact that it didn't come from the 'accounts' subdomain might not be noticed.

I'm just stating the argument, not advocating user-level SSP. I think the above problem is venturing too far down the slippery slope of trying to solve a human-factors issue, especially considering the overhead associated with user-level SSP queries.

-Jim
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
