In addition, I would also note that it is extremely easy in a group like
this to lose track of how non-technical many domain owners are today.
Right, and that means that they use someone else to provide their
mail service.
Keep in mind that DKIM, unlike SPF, requires the active participation
of whoever runs your outgoing mail server to apply signatures, unless
you are enough of a weenie to run a signing engine in your MUA and do
your own key management. For the vast majority of non-technical
users, their ISP or hosting company's MTA will apply its own
signature, and that will be good enough. Indeed, it will probably be
better than a tiny domain's own signature, since whatever formal or
informal reputation systems recipients use are much more likely to
have entries for the ISP than for a tiny domain that sends 12 messages
a week.
I suppose it is hypothetically possible that providers will upgrade
their MTAs to support per-domain DKIM signing and out of perverse
hostility won't offer the DNS support for it. That has never
impressed me as a scenario likely enough to be worth inventing a new
mechanism with unknown security problems that has to be implemented by
all DKIM recipients.
R's,
John
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html