Probably beating a dead horse, but...

Hallam-Baker, Phillip wrote:
> I do not think it makes any sense to be publishing a policy that says
> alsdkfjasdf.example.com is signed when no mail is going to ever be sent from
> there.
>

Since there are wildcard MX records, we might want to consider being able to publish wildcard signing policy for the domain as well. I say "might want to consider" because someone suggested that domains publishing signing policy might prohibit use of MX wildcards, something I'm still thinking about.

> We already have mechanisms to say alsdkfjasdf.example.com sends no mail, and
> they block the attack without any need for complexity in the search scheme.
>
> Defining a mechanism for nomail is out of scope, stating that we might rely
> on existing nomail schemes is not. One of the reasons the group agreed that
> we did not need to do nomail is that it is already done by SenderID/SPF.
>

I'm pretty sure we don't want to create a normative dependence on an experimental protocol here. I agree that the group consensus is that nomail is out of scope, but I think it's dangerous to try to characterize the motivations for that consensus. My own reasoning doesn't have anything to do with SenderID/SPF.

-Jim

_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
