Eliot Lear wrote:
> an author domain administrator cannot adequately or easily express
> the simple notion that only certain hosts are authorized to send
> from a domain. We have thus missed the mark on what we are doing.
IMO "we" (TINW) are *not* reinventing SPF (or PRA a.k.a. Sender ID).
The admin knows which domains are used for mail, in your example of
a non-trivial organization these domains have MX records. Just add
_adsp._domainkey.example.com for each example.com with an MX record.
You'd run into problems for wildcard MX records, and for the known
cases of A(AAA) fallback without explicit MX, so that boils down to
three problematic cases:
1 - wildcard MX
2 - no MX, but an ordinary address (A or AAAA)
3 - no MX, no ordinary address, but a wildcard address
We have been discussing these problems for months now. (2) is no ADSP problem,
the admin is supposed to know "implicit MX" cases. (1) + (3) can't
be addressed without a DNS record directly at the domain, or without
Phil's general solution.
AFAIK the WG didn't want a new record type, it didn't want to share
SPF records, and it didn't want Phil's proposal, therefore (1) + (3)
won't work for ADSP. In practice wildcards are rare, aren't they?
Frank
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
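The three cases Frank lists can be made concrete with a small simulation. The following is an added example, not code from the list post, the DKIM WG or any ADSP implementation: it holds a constructed zone for example.com in a dictionary, does RFC 4592 style wildcard lookup (closest encloser, then `*.<encloser>`), emits the `_adsp._domainkey.<domain>` names an admin would publish for each domain that has an MX record, and applies the "MX, else A/AAAA" test from the message to author domains. The zone contents, the `adsp_status` classification and the policy value `dkim=all` are assumptions for the demonstration; CNAME/DNAME processing is left out.

```python
"""Toy DNS zone + ADSP lookup to show the wildcard MX / wildcard address cases.

Added example, not part of the original post. The zone below is constructed
and simplified (no CNAME/DNAME handling, single apex, no TTLs).
"""

APEX = "example.com"

# Constructed zone: owner name -> {RR type: [rdata, ...]}
ZONE = {
    "example.com":                         {"MX": ["10 mail.example.com"], "A": ["192.0.2.1"]},
    "_adsp._domainkey.example.com":        {"TXT": ["dkim=all"]},
    "mail.example.com":                    {"A": ["192.0.2.1"]},
    "sales.example.com":                   {"MX": ["10 mail.example.com"]},
    "_adsp._domainkey.sales.example.com":  {"TXT": ["dkim=all"]},
    "www.example.com":                     {"A": ["192.0.2.2"]},             # case 2: A only, "implicit MX"
    "wild.example.com":                    {"A": ["192.0.2.3"]},
    "*.wild.example.com":                  {"MX": ["10 mail.example.com"]},  # case 1: wildcard MX
    "_adsp._domainkey.*.wild.example.com": {"TXT": ["dkim=all"]},            # '*' not leftmost: never matched
    "*.any.example.com":                   {"AAAA": ["2001:db8::1"]},        # case 3: wildcard address only
}


def _ancestors(name):
    """Proper ancestors of a name, nearest first: foo.bar.example.com -> [bar.example.com, example.com, com]."""
    labels = name.split(".")
    return [".".join(labels[i:]) for i in range(1, len(labels))]


def _existing_names(zone):
    """Every owner name plus the empty non-terminals above it, down to the apex (RFC 4592 existence)."""
    names = set()
    for owner in zone:
        names.add(owner)
        for anc in _ancestors(owner):
            names.add(anc)
            if anc == APEX:
                break
    return names


def lookup(zone, name, rrtype):
    """Return (status, rdata) with status NOERROR / NODATA / NXDOMAIN, synthesizing wildcards.

    A name that does not exist is matched by '*.<closest encloser>' only when
    that wildcard owner exists, and only if '*' is the leftmost label of it.
    """
    names = _existing_names(zone)
    if name in names:
        rrs = zone.get(name, {}).get(rrtype, [])
        return ("NOERROR", rrs) if rrs else ("NODATA", [])
    for anc in _ancestors(name):            # first existing ancestor is the closest encloser
        if anc in names:
            wild = "*." + anc
            if wild in zone:
                rrs = zone[wild].get(rrtype, [])
                return ("NOERROR", rrs) if rrs else ("NODATA", [])
            return ("NXDOMAIN", [])
    return ("NXDOMAIN", [])


def mail_domain_exists(zone, domain):
    """The test from the message: an MX record, else fall back to an A/AAAA address."""
    for rrtype in ("MX", "A", "AAAA"):
        status, rrs = lookup(zone, domain, rrtype)
        if status == "NOERROR" and rrs:
            return True
    return False


def adsp_record_names(zone):
    """Where the admin would publish ADSP: one _adsp._domainkey name per non-wildcard MX owner."""
    return sorted("_adsp._domainkey." + owner for owner, rrs in zone.items()
                  if "MX" in rrs and not owner.startswith("*."))


def adsp_status(zone, author_domain):
    """What a verifier sees for an author domain (classification is an assumption of this example):
    the published policy string, 'none' (looks like a mail domain but no policy is reachable),
    or 'nxdomain' (nothing suggests the domain is used for mail)."""
    status, rrs = lookup(zone, "_adsp._domainkey." + author_domain, "TXT")
    if status == "NOERROR" and rrs:
        return rrs[0]
    return "none" if mail_domain_exists(zone, author_domain) else "nxdomain"


if __name__ == "__main__":
    print("ADSP names to publish:", adsp_record_names(ZONE))
    for d in ("example.com", "www.example.com", "forged.wild.example.com",
              "forged.any.example.com", "forged.example.com"):
        print(f"{d:28} -> {adsp_status(ZONE, d)}")
```

Running it shows the split in the message: `www.example.com` (case 2) simply needs the admin to add a record, since the name is known and a record placed there is found. For `forged.wild.example.com` and `forged.any.example.com` (cases 1 and 3) the wildcard makes any invented subdomain look like a mail domain, while the `_adsp._domainkey.*.wild.example.com` record the admin might try is never matched because the `*` is not its leftmost label; the only thing that would help is a record directly at the (non-existent) domain.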