On Thu, 7 Jun 2007, Hector Santos wrote:
> Example #1:
>
> A company may want an I ALWAYS SIGN ALL DOMAINS, with NEVER exceptions after
> the b.c.d.foo.com subdomains:
>
> *._SSP 0 TXT policy=ALWAYS
> *.b.c.d._SSP 0 TXT policy=NEVER
>
> Example #2:
>
> A company may want a global NOMAIL, with exceptions:
>
> *._SSP 0 TXT policy=NOMAIL
> _SSP 0 TXT policy=ALWAYS
> *.d._SSP 0 TXT policy=NEVER
> d._SSP 0 TXT policy=OPTIONAL
> c.d._SSP 0 TXT policy=ALWAYS
> b.c.d._SSP 0 TXT policy=OPTIONAL
> *.b.c.d._SSP 0 TXT policy=NEVER
>
> The client need only do 1 query for the specific email domain provided.
> Let's try some real test example queries for example #2 domain policies using
> the isdg.net domain:
>
> email: isdg.net
> query --> _ssp.isdg.net
> This will return the ALWAYS policy (2nd record)
>
> email: z.isdg.net
> query --> z._ssp.isdg.net
> This will return the NOMAIL policy (1st record)
>
> email: d.isdg.net
> query --> d._ssp.isdg.net
> This will return the OPTIONAL policy (4th record)
>
> email: q.d.foo.com
> query --> q.d._ssp.foo.com
> This will return the NEVER policy (3rd record)

Why would I look at q.d._ssp.foo.com rather than q._ssp.d.foo.com or
_ssp.q.d.foo.com?
--
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
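
The lookups walked through in the quoted examples, as an added example that is not part of the original messages: standard DNS wildcard synthesis (RFC 4592) applied to the Example #2 records. The function names, the assumption that the client already knows the zone apex, and the extra test names `q.c.d` and `x.y` are assumptions made for illustration.

```python
# Example #2 records, owner names relative to the zone apex.
# Lowercased because DNS names compare case-insensitively (_SSP == _ssp).
ZONE = {
    "*._ssp": "NOMAIL",
    "_ssp": "ALWAYS",
    "*.d._ssp": "NEVER",
    "d._ssp": "OPTIONAL",
    "c.d._ssp": "ALWAYS",
    "b.c.d._ssp": "OPTIONAL",
    "*.b.c.d._ssp": "NEVER",
}

def labels(name):
    return tuple(name.lower().rstrip(".").split(".")) if name else ()

# A name exists if it owns a record or is an ancestor of an owner
# (empty non-terminal). The apex, (), always exists.
EXISTING = {()}
for owner in ZONE:
    parts = labels(owner)
    EXISTING.update(parts[i:] for i in range(len(parts)))

def ssp_qname(email_domain, apex):
    """Query name as built in the post: <sub-labels>._ssp.<apex>."""
    dom, apex = email_domain.lower().rstrip("."), apex.lower().rstrip(".")
    if dom == apex:
        return "_ssp." + apex
    if not dom.endswith("." + apex):
        raise ValueError("domain is not under the zone apex")
    return dom[: -len(apex) - 1] + "._ssp." + apex

def lookup(qname, apex):
    """Return (policy, answering owner) or (None, 'NODATA' / 'NXDOMAIN')."""
    q, a = labels(qname), labels(apex)
    if q[len(q) - len(a):] != a:
        raise ValueError("query is outside the zone")
    rel = q[: len(q) - len(a)]
    if rel in EXISTING:  # exact match: wildcards are never consulted
        policy = ZONE.get(".".join(rel))
        return (policy, ".".join(rel)) if policy else (None, "NODATA")
    # Closest encloser: the longest existing ancestor of the query name.
    encloser = next(rel[i:] for i in range(1, len(rel) + 1) if rel[i:] in EXISTING)
    wildcard = ".".join(("*",) + encloser)
    # Only the wildcard directly under the closest encloser can answer;
    # there is no fallback to a wildcard higher up the tree.
    if wildcard in ZONE:
        return ZONE[wildcard], wildcard
    return None, "NXDOMAIN"
```

With these records, `q.c.d` gets no answer at all: `c.d._ssp` exists, so it is the closest encloser, and because there is no `*.c.d._ssp` record the `*.d._ssp` wildcard is not used.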