On Jun 4, 2007, at 4:35 PM, Damon wrote:
It is? If I sign everything for my domain, I'd like to be able to
say that for both the top level domain, and all of the subdomains
too, right?
I think it is better to say, '*' means: ...and everything else.
So the subdomains that are not currently signed are covered under
the '*' rule. Which begs the question, if ~any~ subdomain is
signed, wouldn't the top level have to have to be signed even
though it may be .nomail?
An "all email signed" assertion creates an identical discovery
problem as that of a statement of "no email sent." "No email sent"
is relevant to the DKIM process. A "no email sent" assertion might
provide protection against additional query traffic. It might also
provide recipients lower overhead when dealing with spoofed
signatures. It is not clear why a "no mail sent" assertion must be
excluded from a policy statement. Surely not every subdomain will be
signing messages and sending email.
-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html