On 6/22/10 5:07 PM, John Levine wrote: > Not quite, it's a third party's assertions that are somewhat but not really > like ADSP > > As far as I know Amazon doesn't make any ADSP assertions, but it is my > impression that they sign all their transactions with DK or DKIM, and > they're certainly a phish target, so it would be reasonable to drop > unsigned Amazon mail anyway. > What happens when Amazon has a service using a parent signature? As a result of a third-party vouching service, their messages might be discarded, and they won't become aware of the issue until damage is wide spread. TINLA, but it seems having a service advocating for the discard of someone elses's email could be a liability. How does one determine whether a vouching service is authoritative for the domain in question? Please don't say use another vouching service, because the issue is _who_ should decide whether a message must have a valid Author-Domain signature or be discarded.
-Doug _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
