It is however vital that some standardize convention for expressing this
information be provided by the DKIM mechanism, or there is a real
possibility that DKIM will make the situation worse when signing domains
resort to using more domain names to distinguish between differ levels
of vetted sources. This strategy would greatly weaken domain-name
recognition, and much of the value that could be derived by
incorporating DKIM signing.
Since we don't know what the arguments to r= mean, I don't understand why
r=xxx is better than xxx._domainkeys.foo.org, in both cases with an xxx
that means nothing unless you happen to have a side agreement with the
sender.
More to the point, systems to evaluate the reputation of a sender or
signer are utterly, completely out of scope for the DKIM project. As we
keep reminding ourselves, a valid signature from foo.org means no more or
less than "you can blame foo.org if you don't like this."
Regards,
John Levine, johnl(_at_)iecc(_dot_)com, Primary Perpetrator of "The Internet for
Dummies",
Information Superhighwayman wanna-be, http://johnlevine.com, Mayor
"I dropped the toothpaste", said Tom, crestfallenly.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html