Wietse Venema wrote:
The current assumption used when asserting DKIM policy is that this
policy might apply across _all_ protocols used to carry messages that
might contain DKIM signatures. Either DKIM policy records need to
declare the scope of the protocols covered by the policy, or the label
used to discover a policy should employ different labels.
Policy assertions for _SSP records are limited to messages exchanged
by SMTP. When other protocols are used to receive messages, the
appropriate policy should be applied upon receipt, and/or the protocol
should be tracked within the message. One method for such tracking
could be implemented using Authenticated-Results headers.
Excuse my ignorance, but why limit DKIM (or SSP) to information
that is delivered via SMTP? They can work with any transport that
uses RFCx822 for content and that uses DNS for name resolution.
What I'd like to know is how we implement the electric chair for
violators of this prohibition.
NOTE WELL: This list operates according to