On Mar 11, 2008, at 11:16 AM, Dave Crocker wrote:
Again, to repeat what I said at the mic:
The current, 3-step procedure is certainly an improvement, however I
understand the need for the second step, in terms of ASP
In any early discussion of this, I believe Jim said he thought it
carry-over from an earlier version of the spec where the need was
In any event, I think the current question is: What is it about ASP
opposed to concerns outside of ASP's scope -- that requires checking
Avoiding domain tree walking compatible with wildcards w/o depending
a) MX mandate in conjunction with DKIM Policy
- an empty TXT records can disavow DKIM/SMTP.
- empty TXT records compatible with wildcard TXT records used by
- empty wildcard TXT records compatible with TXT records used by
- consumes smallest amount of DNS cache.
- improves positive caching rates.
- provides much stronger domain protection.
- becomes much simpler when MX is required by SMTP.
b) domain tree walk-up
- results indeterminate when wildcards are in use.
- exposes parent domains to a high volume of transactions
dependent upon negative
- imposes expectation of policy to override possible parent
NOTE WELL: This list operates according to