If the above is possible, how should/can it be avoided?
The usual approach is by using different domains. Disregarding the
courtesy forwarding swamp, it makes sense for a bank to say that its
transactional notices, e.g., "you're overdrawn", shouldn't be coming
from any place but the bank, and shouldn't be appearing on mailing
lists. On the other hand, it's perfectly reasonable for employees
to be participating in work-related mailing lists.
Since there's different policies for transactional mail and mail from
employees and DKIM's granularity is domains, if you want to use DKIM
and SSP, you'd best send the transaction mail from one domain and the
personal mail from another. I see banks doing this already. Even the
small ones tend to have a bunch of domains for all the variants of
their name.
As others have noted, the current SSP is as much a straw man as a
practical candidate for implementation. Maybe we'll find a workable
way to get the granularity down lower, maybe we'll decide that the
current granularity is OK, maybe we'll discover that we need something
totally unlike SSP. But we don't need to solve any of this now.
R's,
John
_______________________________________________
ietf-dkim mailing list
http://dkim.org