It would be a big problem because the advice that we have been giving the banks at the Anti-phishing working group for the past three years has been to use one domain exclusively for all their mail.
I don't know whether we need user level policy or not. What I do know is that we can construct a situation where the domain record is the master record and the per-user policy is only consulted if the domain lookup fails and so we don't have to make a decision now. I suggest we consider support for per user policy at the architectural level but leave it out of the core policy spec in the first instance. > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of John L > Sent: Thursday, September 07, 2006 12:23 PM > To: Michael Thomas > Cc: [email protected] > Subject: Re: [ietf-dkim] user level ssp > > > heard of is more aimed at securing things like > [EMAIL PROTECTED] > > without having to say "I sign everything" for the entire > domain which > > is assumedly a lot harder. The thing about this is that you can > > alternately set up a record for > [EMAIL PROTECTED] or somesuch which would work > the same way. > > I've heard it expressed that that is problematic for some > people, but > > I frankly don't remember why at this point. > > I think it's a problem for banks that signed up for the > $2.99/mo DNS hosting service and can't afford to switch to > the $7.99 version. > > R's, > John > > "Save at the Sign of the Sock" > _______________________________________________ > NOTE WELL: This list operates according to > http://mipassoc.org/dkim/ietf-list-rules.html > > _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
