> So if he said i=subdomain.example.com, then surely the From/Sender
> can be expected to be from that subdomain; and if he said
> i=someone@example.com, then surely recipients can assume that
> 'someone' had indeed played some part in sending it.

Absolutely not. DKIM is a protocol in which one administrative domain
speaks primarily to another administrative domain. It's not a
domain-to-user protocol nor a user-to-anything protocol. The i=
parameter can be anything the signing domain wants it to be. It is
unlikely to be an outright lie (for example, I mark all mail coming
from alice with bob), but it may be.

Suppose you have "sales@example.com" whereby any salescritter can
send an email coming from the sales department. Both Alice and Bob
are sending emails, and the DKIM signer is going to mark it as
"sales@example.com". That's well enough, because it doesn't matter
to you if Alice or Bob sent it.

However, unbeknownst to you, Alice has told Marketing about their
fancy mail system and because of that Marketing mail also gets marked
as i=sales@example.com. To make things worse, Bob told the HR
department and all their job recruiting mail also goes out from that
MTA and thus is marked as sales as well.

The IT staff knows about this and isn't happy, but they either have
to turn a blind eye to it or set up servers from Marketing and HR,
and that's not in the budget. So they just turn a blind eye to it.
Jon
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
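
The scenario in the message above, as an added example that is not part of the original post: a receiver-side sketch that reads d= and i= from a DKIM-Signature value and keys trust on d= only. The header values are constructed and the function names are hypothetical; it relies on the DKIM rules that i= defaults to "@" plus d= and that its domain must equal d= or be a subdomain of it.

```python
import re

# Constructed DKIM-Signature values (bh=/b= are placeholders), all produced
# by the one shared MTA described in the message above.
_T = "v=1; a=rsa-sha256; d=example.com; s=mta1; {}h=from:to; bh=PLACEHOLDER; b=PLACEHOLDER"
SAMPLES = {
    "alice_sales": _T.format("i=sales@example.com; "),
    "marketing": _T.format("i=sales@example.com; "),
    "hr": _T.format("i=sales@example.com; "),
    "no_i_tag": _T.format(""),
    "i_outside_d": _T.format("i=sales@example.net; "),
}

def parse_tags(header_value):
    """Parse a DKIM-Signature tag list ("k=v; k=v") into a dict."""
    tags = {}
    for part in header_value.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            # Folding whitespace carries no meaning in d= and i= values.
            tags[name.strip()] = re.sub(r"\s+", "", value)
    return tags

def signing_identities(header_value):
    """Return (d, i, i_is_consistent_with_d) for one signature."""
    tags = parse_tags(header_value)
    d = tags["d"].lower()
    i = tags.get("i", "@" + d)  # absent i= means "@" + d
    _local, at, i_domain = i.rpartition("@")
    i_domain = i_domain.lower()
    # The only structural constraint: i= must sit at or below d=.
    ok = bool(at) and (i_domain == d or i_domain.endswith("." + d))
    return d, i, ok

def reputation_key(header_value):
    """Identity a receiver can hold accountable: the signing domain d=.

    The local part of i= is the signer's own assertion and is not
    checked by signature verification, so it is never used here.
    """
    d, _i, ok = signing_identities(header_value)
    return d if ok else None  # i= outside d= means a malformed signature

if __name__ == "__main__":
    for name, value in SAMPLES.items():
        print(name, signing_identities(value), reputation_key(value))
```

Sales, Marketing and HR mail produce identical (d, i) pairs here, so nothing in the signature lets a receiver tell them apart.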