----- Original Message -----
From: "SM" <sm(_at_)resistor(_dot_)net>
This discussion seems to be about "Should we have an r= tag in
either the signature or key record"
A report vector acquired from the signing-domain would concern
_only_ messages they have signed, and not messages that
happen to contain an email-address within their domain. For
domains where use of their
Are you talking about reporting DKIM signatures that cannot be
verified? If so, I don't see how you can trust the report vector
acquired from the signing-domain.
IMO, its not as much an issue of trust, it could be a form of attacks, but
so about rather operations.
What are the report limits? Is the report-domain paying the validator to
send reports, because if not, it could be pretty costly.
I believe there are few implementations in SPF with reporting logic and I
believe it uses some limits in report/notification. If the notification is
not confirmed, then the domain is blocked in future failed transactions.
Similar hindsight will be required for DKIM as well if this r= feature is to
be part of the specs.
Hector Santos, Santronics Software, Inc.
NOTE WELL: This list operates according to