MH Michael Hammer (5304) wrote:
So question for you Ellen - or anyone else (and not meant to be
snarky)..... If my company/organization chooses to assert that ALL email
sent from ag.com will be signed using DKIM and we use a strong assertion
for SPF (or anything else), are you really willing to argue that your
company should have the right to send mail purporting to be from ag.com
(in the From field) because an individual approached you to mail for
them? What if my company does it for their well known brands (which we
are working on now)? I would think that you would want to check the
policy assertions of the domain in question before you even attempt to
send on behalf of that address.
I've been making this point. If you are going to be sending mail on
behalf of others, you better make sure the domain in question is
prepared to allowed 3rd party signatures.
In the absence of an assertion (through whatever means, including SSP)
by a domain owner then I see no conflict with a 3rd party
sending/signing for an individual account user. In the event of a domain
making a strong assertion per the standard it would be foolish of the
standard not to require receivers to make such a check. To do otherwise
defeats the notion of a strong/strict assertion.
Thank you.
There were various proposals which allowed a receiver to lookup the SSP
and determine which 3rd party domains where allowed to sign on its behalf.
However, I believe, the concern was that it did not scale well, i.e.,
how large can be 3PS list be in the SSP record?
I always felt this is going to be required.
--
Sincerely
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html