Franck Martin wrote:
Any way to tell someone its signature is used in third party signing?
AFAIK, not in a standard fashion
As Doug pointed out, you can detect that it appears to be 3rd party,
but the long debated issue has been how to determine if the
3rd party was "authorized" to sign for the 1st party domain (Author
Domain, From:)
This was the original DKIM idea - to include POLICY ideas like this.
DKIM was then separated as DKIM-BASE and SSP. SSP had policies like:
I don't send mail
I always sign
I sometimes sign
I allow 3rd party signers.
I have a good diagram that illustrates the logic flow when SSP policy
was considered:
http://www.winserver.com/public/ssp-old/ssp.htm
In short, verifiers could do policy DNS lookup and check the "o=" tag:
o=. NEVER (no mail expected)
o=? WEAK (signature optional, no third party)
o=~ NEUTRAL (signature optional, 3rd aparty allowed)
o=- STRONG (signature required, 3rd party allowed)
o=! EXCLUSIVE (signature required, no 3rd party)
o=^ USER
If it was o=? or o=!, then that means no 3rd parties signing was
expecting. If it was o=~ or o=-, then 3rd party was allowed, etc.
But unfortunately, the January 2008 blockbuster shock of the year, out
of the blue, SSP was stripped down to what we have today ADSP which
for the most part only has:
dkim=unknown The domain might sign some or all email.
dkim=all I always sign, only me. "Don't delete?"
dkim=discardable same as all "but you can delete?"
Maybe someone can confirm that, but I'm sure sure that is basically
all it offers.
To answer your question - not possible.
The topic here "NO DKIM" was trying to redeem something of the based
spec hopefully, the NULL PUBLIC KEY and that idea came from the author
of DKIM. A customer of ours got noticed from one of their vendors
about DKIM signing and wanted to know what can they do to isolate it.
--
Sincerely
Hector Santos
http://www.santronics.com
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html