Informative Note: DKIM signatures by parent domains as described in
section 3.8 of [RFC4871] (in which a signer uses "i=" to assert
that it is signing for a subdomain) do not satisfy the requirements
for an Author Domain Signature as defined above.

Since there is no other reference to i= in the ADSP document, the
reason to put in a note like this is to warn people who have a
mistaken impression of the way that ADSP works. If we're going to do
that, there's quite a lot of other warnings that are at least as
important to add, such as:

A signature whose d= matches the domain of a Sender: address does not
satisfy ADSP unless the Sender: and From: addresses are in the same
domain.

A signature whose d= matches the domain of a Resent-From: or
Resent-Sender: address does not satisfy ADSP unless that address and
the From: addresses are in the same domain.

A signature whose d= matches the RFC 2821 envelope MAIL FROM address does
not satisfy ADSP unless the MAIL FROM and From: addresses are in the
same domain.

A signature whose d= matches the RFC 2821 HELO domain does not
satisfy ADSP unless the EHLO domain is the same as the one in the
From: address.

etc.

If you think these are silly, I wouldn't disagree, but I don't see any
reason that some of them are sillier than others.

R's,
John
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
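
An added example, not part of the original message or of the ADSP draft: a receiver-side check that compares each signature's d= against the From: domain and reports which other header identities it happens to match. It assumes every DKIM-Signature present has already been verified cryptographically; the function names and the sample message are constructed for illustration, and the envelope MAIL FROM and HELO cases are left out because they are not in the headers.

```python
from email import message_from_string
from email.utils import getaddresses

def _domains(msg, header):
    """Lower-cased domains of every address in the named header field."""
    addrs = getaddresses(msg.get_all(header, []))
    return {a.rsplit("@", 1)[1].lower() for _, a in addrs if "@" in a}

def _tags(value):
    """Parse a DKIM-Signature tag=value list, dropping folding whitespace."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            tags[name.strip()] = "".join(val.split())
    return tags

def classify_signatures(raw):
    """Return (d=, other identities matched, satisfies ADSP) per signature.

    Only an exact, case-insensitive match between d= and the domain of a
    From: address counts; i= is never consulted.
    """
    msg = message_from_string(raw)
    author = _domains(msg, "From")
    others = {h: _domains(msg, h)
              for h in ("Sender", "Resent-From", "Resent-Sender")}
    results = []
    for sig in msg.get_all("DKIM-Signature", []):
        d = _tags(sig).get("d", "").lower()
        matched = sorted(h for h, doms in others.items() if d in doms)
        results.append((d, matched, d in author))
    return results

# Constructed sample message; bh= and b= values are placeholders.
SAMPLE = (
    "From: Alice <alice@sub.example.com>\n"
    "Sender: list-bounces@lists.example.net\n"
    "DKIM-Signature: v=1; a=rsa-sha256; d=lists.example.net; s=k1;\n"
    "\th=from:sender; bh=PLACEHOLDER; b=PLACEHOLDER\n"
    "DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=k2;\n"
    "\ti=@sub.example.com; h=from; bh=PLACEHOLDER; b=PLACEHOLDER\n"
    "DKIM-Signature: v=1; a=rsa-sha256; d=SUB.Example.COM; s=k3;\n"
    "\th=from; bh=PLACEHOLDER; b=PLACEHOLDER\n"
    "\n"
    "body\n"
)

if __name__ == "__main__":
    for row in classify_signatures(SAMPLE):
        print(row)
```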