The near issue has already come up and the end-result - NO. A
customer was asked by their direct marketing spammer to add DKIM/DKEY
records because YAHOO was forcing the issue on the spammer to access
YAHOO recipients.
They wanted to signed:
coupons.majorcompany.com
and ask the company to add DNS selector records. But the major
company did have a way to stop fake or 3rd party
majorcompany.com
dept.majorcompany.com
services.majorcompany.com
signatures once bad guys learned that the domain was being signed!
Since DKIM lacks fault detection, the answer was no.
--
HLS
Steve Atkins wrote:
Chatting with people offlist the issue of whether there is such a
thing as a good or bad DKIM record came up.
I'm trying to get a feel for peoples views on that so, to give a
concrete example, if your postmaster came to you with this DKIM record
they wanted you to publish in DNS, would you publish it as-is? If not,
why not?
september2006._domainkey.example.com 300 IN TXT "version=DKIM1; a=rsa-
sha1; c=simple/simple; hash=sha1; t=testing; p=MIGfMA0G<more base64
gunk>;"
Cheers,
Steve
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html