Steve Atkins wrote:
If there were another field in the DKIM-Signature header, or an
entirely separate email header covered by the DKIM signature, that
stated "all email sent using this domain in the From field will be
DKIM signed" then any receiving MTA or MTA cluster could keep track of
that state (probably using their existing reputation tracking system
in the case of large receivers, and using a fairly trivial extension
to their DKIM plugins in the case of smaller ones).
If nothing else, this would make revocation sort of... bizarre
and unpredictable. The implication is that I'd have to send $you
mail (for $you == 'universe') to get you to nuke my record in your
database. Of course every good protocol becomes a control protocol
for others, but still this seems a little whacked even by that
standard :)
Mike
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html