That sounds to me like you are saying that DKIM first party signing is only
for big domains.
No, I'm saying that the anyone who wants to sign their mail with their
own domain can do so. If you want to delegate that to a service
bureau, we have working examples today of domains using NS delegation
to outsource their mail including DK signing. Even if you are too
cheap to use a DNS service that lets you put in NS records, your can
get much the same effect by having your mail service make up your
keys, send you CNAME or TXT records, and you cut and paste them into
your zone, not unlike the way that you help people to put in SPF
records.
"You're little, third party is good enough for you" is not the right answer.
Actually, what I was saying is "you're little, your ISP's signature is
the one that matters." I host a bunch of little domains, and I expect
to sign all of their mail with my own somewhat better known domain. I
should be able to sign the mail of people who want with their own
domain, probably at modest extra cost, but I doubt many will ask.
At this point I'm not suggesting an alternative. My point is that NS
subdomain delegation is not sufficient by itself.
If I understand your position, you are positing that someone will pay
between $20 and $50/mo for Internet access, probably some extra amount
per month for a DKIM-capable mail service, but they use a crummy DNS
service where they don't know how to put in NS records, and the $2/mo
it would cost to switch to a DNS service that does support them is an
insurmountable barrier. Maybe I'm getting hard hearted in my old age,
but pleas of selective ineptness or selective poverty do not make a
compelling argument for anything.
R's,
John
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html