Probably beating a dead horse, but...
Hallam-Baker, Phillip wrote:
> I do not think it makes any sense to be publishing a policy that says
> alsdkfjasdf.example.com is signed when no mail is going to ever be sent from
> there.

Since there are wildcard MX records, we might want to consider being
able to publish wildcard signing policy for the domain as well. I say
"might want to consider" because someone suggested that domains
publishing signing policy might prohibit use of MX wildcards, something
I'm still thinking about.

> We already have mechanisms to say alsdkfjasdf.example.com sends no mail, and
> they block the attack without any need for complexity in the search scheme.
> Defining a mechanism for nomail is out of scope, stating that we might rely
> on existing nomail schemes is not. One of the reasons the group agreed that
> we did not need to do nomail is that it is already done by SenderID/SPF.

I'm pretty sure we don't want to create a normative dependence on an
experimental protocol here. I agree that the group consensus is that
nomail is out of scope, but I think it's dangerous to try to
characterize the motivations for that consensus. My own reasoning
doesn't have anything to do with SenderID/SPF.

-Jim
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html