dkim-ops
[Top] [All Lists]

Re: [dkim-ops] subdomain vs. cousin domain (when deploying"discardable")

2010-09-08 13:29:18
No, I'm suggesting that they publish an explicit dkim=unknown if that is their 
intent.

-Jim


On Sep 7, 2010, at 4:31 AM, Douglas Otis <dotis(_at_)mail-abuse(_dot_)org> 
wrote:

 On 9/6/10 7:59 PM, Jim Fenton wrote:
If you are using a subdomain and want to be doubly sure that nobody is 
using the parent domain check, you might want to publish an explicit 
ADSP record for the domain rather than rely on the default of 
"unknown" if that is what you want to assert.
Jim,

Are you suggesting corp.paypal.com should use ADSP dkim=all?  This is 
still likely to disrupt some mailing-list messages that corp.paypal.com 
might desire to share, and allow spoofed messages to gain acceptance 
using corp.paypal.com.

How will recipients know Jon Doe <ceo(_at_)corp(_dot_)paypal(_dot_)com> is 
less 
trustworthy than Jon Doe <ceo(_at_)paypal(_dot_)com>?  Bad actors may only 
need 
recipients to click on an attachment displayed as "paypal-policy.docx" 
referencing paypal-policy.docx.exe, or a link offering details on 
obtaining Referral Benefit pay-outs.

Ideally, only one domain should be used to exchange email, but currently 
ADSP is unable to safely permit this practice.  Unfortunately, 
subdomains are nearly as confusing as cousin domains.  However a 
recipient is likely to be more wary of cousin domains and to recognize 
paypal.com and trust its subdomains more than they should in this case.

-Doug
_______________________________________________
dkim-ops mailing list
dkim-ops(_at_)mipassoc(_dot_)org
http://mipassoc.org/mailman/listinfo/dkim-ops

_______________________________________________
dkim-ops mailing list
dkim-ops(_at_)mipassoc(_dot_)org
http://mipassoc.org/mailman/listinfo/dkim-ops

<Prev in Thread] Current Thread [Next in Thread>