On Wednesday, October 05, 2011 09:48:18 PM Murray S. Kucherawy wrote:
> > 5. In-band advertising vs out-of-band vs overloading DKIM
> >
> > For many use cases this functionality could be handled by in-band
> > advertising (e.g. a "DKIM-Errors-To: [email protected]" header).
>
> Interesting idea as well. What do others think?

I thought we concluded that we wanted the reporting address to be localpart only plus the signing domain to preclude people using these records as a vector to mail bomb somebody else. If so, that would be true for this approach too.

Since this is a message with a failed signature, I don't know if that content is valid, whereas if it's in the DNS record, then I know (modulo DNS spoofing) that it's provided by the domain owner. From a security/reliability perspective I think in-band is much weaker.

Scott K

_______________________________________________
marf mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/marf
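
The localpart-only constraint discussed in this message, sketched as an added example that is not part of the original thread or of any DKIM implementation: the verifier takes only a local part from the signer's published record and always appends the domain from the signature's `d=` tag, so a report can never be addressed outside the signing domain. The function names, the sample signature and the conservative local-part character set are assumptions made for illustration.

```python
import re

# Assumption: a conservative local-part grammar (stricter than RFC 5322) that
# excludes '@', '%' and '!' so routing tricks cannot redirect a report.
_LOCALPART = re.compile(r"[A-Za-z0-9_+-]+(?:\.[A-Za-z0-9_+-]+)*")
_DOMAIN = re.compile(
    r"(?=.{1,253}$)(?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}"
)

# Constructed sample header value; bh= and b= are placeholders, not real data.
SAMPLE_SIG = "v=1; a=rsa-sha256; d=example.com; s=sel1; h=from:to; bh=AAAA=; b=BBBB=="


def signing_domain(dkim_signature: str) -> str:
    """Return the d= domain from a DKIM-Signature tag list."""
    tags = {}
    for part in dkim_signature.split(";"):
        name, sep, value = part.partition("=")
        if sep:
            # Tag values may be folded across lines; drop all whitespace.
            tags[name.strip()] = "".join(value.split())
    domain = tags.get("d", "").lower()
    if not _DOMAIN.fullmatch(domain):
        raise ValueError("missing or malformed d= tag")
    return domain


def report_address(localpart: str, dkim_signature: str) -> str:
    """Build the failure-report address as localpart + signing domain.

    localpart is assumed to come from the signer's DNS record. Anything that
    is not a bare local part (for example a full address naming another
    domain) is rejected rather than trusted.
    """
    if len(localpart) > 64 or not _LOCALPART.fullmatch(localpart):
        raise ValueError("reporting address must be a bare local part")
    return f"{localpart}@{signing_domain(dkim_signature)}"


if __name__ == "__main__":
    print(report_address("dkim-reports", SAMPLE_SIG))
```
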
