ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] Are subdomains like parent domains?

2008-04-29 08:24:36
On 29 Apr 2008 15:10:17 -0000, John Levine <johnl(_at_)iecc(_dot_)com> wrote:
I think I am not looking for an implicit assumption to have the same
opinion about a.b.foo.com. I am thinking of how, as a sender, can I
sign and allow (by actively providing the ability to denote good mail
signed as) foo.com or a.foo.com but prevent the use of (by actively
encouraging filter or reject of) beans.rice.a.foo.com.

Ah, but that begs the question.

What I was asking a few messages back is why anyone who's actually
involved in running e-mail would care whether someone forged
beans.rice.a.foo.com.

Yahoo and Hotmail seem to be good candidates to want this. I'm open to
hearing otherwise from them. I think a lack of response on this list
is not equivalent to a negative response, though.

My underlying point is that I need to understand more about how
phishers, once locked out of use of bigbank.com due to DKIM+ADSP, can
best be persuaded to avoid use of account.info.bigbank.com, or any
other subdomain that they've thought of, that I haven't.

Has nothing to do with anyone's legal department. I'd recommend we
pretend that was never raised as a point.

Regards,
Al Iverson
-- 
Al Iverson on Spam and Deliverability, see http://www.spamresource.com
News, stats, info, and commentary on blacklists: http://www.dnsbl.com
My personal website: http://www.aliverson.com   --   Chicago, IL, USA
Remove "lists" from my email address to reach me faster and directly.
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html