Forgive me if I repeat myself, but I still don't see anything wrong with this:
*._domainkey.example.com IN TXT "v=DKIM1; p=; n=revoked"
Do you have an actual use case for that sort of thing, or is it just an
example to poke at the "thou shalt not wildcard" wording?
That example above revokes all unknown keys.
On this message, I've encoded a timestamp and the pid into the DKIM
signature selector, so I can use my DNS query logs to get an idea of who's
checking the signatures on what messages.
These may not be fabulous uses of wildcards, but they are at worst
harmless. There's a lot of places in the DKIM spec where we say if you do
so-and-so, you'll be sorry. I'd like to avoid saying that unless we have
a good reason to do so, and I only see problems with wildcards above the
John Levine, johnl(_at_)iecc(_dot_)com, Primary Perpetrator of "The Internet for
Please consider the environment before reading this e-mail. http://jl.ly
Description: S/MIME Cryptographic Signature
NOTE WELL: This list operates according to