On Apr 10, 2009, at 4:03 AM, Hector Santos wrote:
For example, using my gmail account.
From: gmail(_dot_)sant9442(_at_)winserver(_dot_)com
Dkim-Signature: d=gmail.com
i=(_at_)winserver(_dot_)com
Why is this not desirable/possible?
Hector,
A valid DKIM signature verifies it was added by an entity
authoritative for the email-address namespace claimed within the i=
value. This is only true when this namespace is within the signing
domain as required to be valid.
There was a third-party authorization solution suggested by the
expired I-D:
http://www.sonic.net/~dougotis/id/draft-otis-dkim-tpa-adsp-00.html
If there is interest, perhaps you can co-author an update of this I-D
to leverage a tag added to ADSP that signals the presence of third-
party authorization labels. TXT records at these labels authorize
various uses of the domain by the third-party. This expired draft
places labels at the wrong location, and does not offer an ADSP
signaling method.
The tpa label method scales and can include a large number of mailing-
lists, for example. This would introduce a transaction to confirm or
deny a specific third-party authorization. A vouch by reference
concept might be combined within the tpa label TXT record as an
additional means to confirm the behavior of messages having this
relationship.
-Doug
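Added example, not part of the message above or of any DKIM implementation: a check of the rule the reply describes, that the i= identity must lie within the d= signing domain, run over constructed DKIM-Signature values that include the d=gmail.com / i=@winserver.com case from the quoted question. The function names and sample header values are assumptions made for illustration; the code checks tag consistency only and does not verify the signature itself.

```python
import re

def parse_tags(header_value):
    """Parse a DKIM tag=value list into a dict (later duplicates overwrite)."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", header_value)  # undo header folding
    tags = {}
    for part in unfolded.split(";"):
        if "=" not in part:
            continue
        name, value = part.split("=", 1)
        tags[name.strip()] = value.strip()
    return tags

def identity_in_signing_domain(header_value):
    """Return (ok, d, i); ok is True only if the i= domain is d= or a subdomain of it."""
    tags = parse_tags(header_value)
    d = tags.get("d", "").lower().rstrip(".")
    if not d:
        return (False, d, None)          # no signing domain, nothing to anchor i= to
    i = tags.get("i", "@" + d)           # i= defaults to "@" + d= when absent
    if "@" not in i:
        return (False, d, i)
    i_domain = i.rsplit("@", 1)[1].lower().rstrip(".")
    # Compare on label boundaries so "notgmail.com" never matches "gmail.com".
    ok = i_domain == d or i_domain.endswith("." + d)
    return (ok, d, i)

# Constructed sample values (bh= and b= are placeholders, not real hashes).
SAMPLES = {
    "question_case": "v=1; d=gmail.com; s=sel; i=@winserver.com; bh=X; b=Y",
    "subdomain":     "v=1; d=gmail.com; s=sel; i=user@mail.gmail.com; bh=X; b=Y",
    "default_i":     "v=1; d=gmail.com; s=sel; bh=X; b=Y",
    "lookalike":     "v=1; d=gmail.com; s=sel; i=@notgmail.com; bh=X; b=Y",
    "folded":        "v=1; d=gmail.com; s=sel;\r\n\ti=@GMAIL.com; bh=X; b=Y",
}

if __name__ == "__main__":
    for name, value in SAMPLES.items():
        ok, d, i = identity_in_signing_domain(value)
        print(f"{name:14} d={d} i={i} -> {'consistent' if ok else 'i= outside d='}")
```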