Orbitz might not care about the security issues raised by allowing
doubleclick to sign messages on behalf of their CEO and other
executives. Many others will.
Actually, Doubleclick signs for email.orbitz.com, which is not the domain
where the execs have their addresses. If there is some security problem
here, you'll have to explain more clearly what it is.
This is a security area spec, least privilege must apply wherever possible.
Sure, but don't forget that the D in DKIM stands for Domain. The
granularity is domains, not mailboxes. If you want per-mailbox
signatures, DKIM isn't what you're looking for.
Regards,
John Levine, johnl(_at_)iecc(_dot_)com, Primary Perpetrator of "The Internet for
Dummies",
Information Superhighwayman wanna-be, http://johnlevine.com, Mayor
"I dropped the toothpaste", said Tom, crestfallenly.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html