Date: Tue, 8 Jan 2008 10:34:27 -0800
From: fenton(_at_)cisco(_dot_)com
To: robert(_at_)barclayfamily(_dot_)com
CC: ietf-dkim(_at_)mipassoc(_dot_)org
Subject: Re: [ietf-dkim] Possible issue with Parent Domain logic in SSP
robert(_at_)barclayfamily(_dot_)com wrote:
So if I am bank.com and have a significant problem with misuse of that
exact domain and want to use SSP to help mitigate that risk but I have
allocated a subdomain to some third part (say thirdparty.bank.com) it
looks like my choices come down to
1) Publish SSP with dkim=unknown until thirdparty creates their own
SSP record for thirdparty.bank.com
2) Take thirdparty.bank.com back from thirdparty and manage the DNS
for whatever services they provide myself
3) Publish ssp with dkim=strict and let mail for thirdparty fail to be
validated
There's a fourth option that is designed to cover exactly this case:
4) Publish ssp with dkim=strict and t=s and it will not apply to
subdomains like thirdparty.bank.com.
Of course, when you do this, it applies to all subdomains (and
hostnames), not just thirdparty.
Does this address your concern?
-Jim
Yes, I think it does. Not sure how I missed that step.
Thanks,
Robert
_________________________________________________________________
Watch “Cause Effect,” a show about real people making a real difference.
http://im.live.com/Messenger/IM/MTV/?source=text_watchcause
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html