Since Amazon set it up in the first place, wouldn't they be keenly aware of the service signing issues?
Mute point if they understand what they are doing. Regards, Damon Sauer. Sent from my Verizon Wireless BlackBerry -----Original Message----- From: Douglas Otis <[email protected]> Sender: [email protected] Date: Tue, 22 Jun 2010 17:37:26 To: <[email protected]> Subject: Re: [ietf-dkim] New Version Notification for draft-levine-dbr-00 (fwd) On 6/22/10 5:07 PM, John Levine wrote: > Not quite, it's a third party's assertions that are somewhat but not really > like ADSP > > As far as I know Amazon doesn't make any ADSP assertions, but it is my > impression that they sign all their transactions with DK or DKIM, and > they're certainly a phish target, so it would be reasonable to drop > unsigned Amazon mail anyway. > What happens when Amazon has a service using a parent signature? As a result of a third-party vouching service, their messages might be discarded, and they won't become aware of the issue until damage is wide spread. TINLA, but it seems having a service advocating for the discard of someone elses's email could be a liability. How does one determine whether a vouching service is authoritative for the domain in question? Please don't say use another vouching service, because the issue is _who_ should decide whether a message must have a valid Author-Domain signature or be discarded. -Doug _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
