John Levine:
> >Another way is to have a dkim tag that specifies the header that
> >indicates the stream classification
> 
> >Many ways to kill the same bird.
> 
> If there is a reason why people aren't able to use a d= domain per
> stream, I wish someone would explain in simple terms that even a
> dimwit like me can understand.
> 
> The only arguments I'm aware of are that hostile or incompetent DNS
> managers refuse to install key records, which isn't a very good reason
> to add cruft to a standard and "I want to do it some other way" which
> is even worse.

To give a productive spin to the discussion:

One little-known DKIM fact is that one does not need a different
DNS record per d= domain. One strategically-chosen wild-card under
_domainkey.example.com suffices (e.g. one per sub-organization).

I agree that a different DNS record per d= domain can be a barrier
for non-trivial organizations that have non-trivial latencies due
to bureaucracy or even outsourcing, while bad guys in their small
shops can crank out DNS records with negligible effort.

        Wietse
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
