ietf-dkim

Re: [ietf-dkim] The (really) latest SSP draft

2007-10-23 08:11:19
On Mon, Oct 22, 2007 at 02:16:52PM -0700, Mark Delany wrote:
On Oct 22, 2007, at 1:37 PM, Jon Callas wrote:

So if he said i=subdomain.example.com, then surely the From/Sender
can be expected to be from that subdomain; and if he said
i=someone@example.com, then surely recipients can assume that
'someone' had indeed played some part in sending it.


Absolutely not. DKIM is a protocol in which one administrative domain
speaks primarily to other administrative domains. It's not a domain-to-
user protocol nor a user-to-anything protocol. The i= parameter can
be anything the signing domain wants it to be. It is unlikely to be
an outright lie (for example, I mark all mail coming from alice with
bob), but it may be.


I liken i= to IDENT (RFC1413). The values *may* be meaningful to the 
administrative domain, but that's all that can be said about it.

It would be very useful. Think

d=bigmarketingcompany.com
i=@brandA.bigmarketingcompany.com

d=bigmarketingcompany.com
i=@brandB.bigmarketingcompany.com

d=bigmarketingcompany.com
i=@brandC.bigmarketingcompany.com

etc.


One signing domain, one DKIM entry in DNS, but many identities.


-- 
:: Jeff Macdonald | Director of Messaging Technologies
:: e-Dialog | jmacdonald(_at_)e-dialog(_dot_)com
:: 131 Hartwell Ave. | Lexington, MA 02421 
:: v: 781-372-1922 | f: 781-863-8118 
:: www.e-dialog.com

_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
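
The "one signing domain, one DKIM entry in DNS, but many identities" layout from the message above, as an added example that is not part of the original thread. The selector `sel1` and the `bh=`/`b=` placeholders are constructed, and dkim-quoted-printable decoding of `i=` is skipped as a simplifying assumption.

```python
from collections import defaultdict

# Constructed DKIM-Signature header values (not real mail). The selector
# "sel1" and the bh=/b= placeholders are assumptions made for this example.
BASE = ("v=1; a=rsa-sha256; d=bigmarketingcompany.com; s=sel1; "
        "h=from:to:subject; bh=PLACEHOLDER; b=PLACEHOLDER")
SAMPLES = [
    BASE + ";\r\n\ti=@brandA.bigmarketingcompany.com",  # folded header line
    BASE + ";\r\n\ti=@brandB.bigmarketingcompany.com",
    BASE + "; i=@brandC.bigmarketingcompany.com",
    BASE,  # no i= tag: the identity defaults to "@" + d=
]
FOREIGN = BASE + "; i=@brandA.example.net"  # i= outside the signing domain


def parse_tags(value):
    """Split a DKIM-Signature value into a {tag: value} dict."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")  # first "=" only; b= may contain "="
        if sep:
            # Folding whitespace inside a tag value is not significant.
            tags[name.strip()] = "".join(val.split())
    return tags


def identity_and_key(value):
    """Return (i= identity, DNS name of the key record) for one signature."""
    tags = parse_tags(value)
    d = tags["d"]
    i = tags.get("i", "@" + d)
    i_domain = i.rpartition("@")[2].lower()
    # The domain part of i= must be d= itself or a subdomain of it.
    if i_domain != d.lower() and not i_domain.endswith("." + d.lower()):
        raise ValueError(f"i= domain {i_domain!r} is outside d={d!r}")
    return i, f"{tags['s']}._domainkey.{d}"


def identities_by_key(values):
    """Group signing identities by the DNS key record that verifies them."""
    grouped = defaultdict(list)
    for value in values:
        identity, key_name = identity_and_key(value)
        grouped[key_name].append(identity)
    return dict(grouped)


if __name__ == "__main__":
    for key_name, ids in identities_by_key(SAMPLES).items():
        print(key_name, "->", ids)
```

All four signatures resolve to the same key record under d=, so the `i=` value is an assertion by the signing domain and is not bound to a separate key.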