Franck Martin wrote:
I do not see where the issue is. I 3rd party sign emails and I have not
faced any problems with that (Am I missing something?) The providers
that check DKIM all include a dkim=pass in the mail headers.
Franck,
That's because receivers have yet to support and honor RFC 5617 (ADSP).
Once they do, your 3rd party signing of domains with ADSP
DKIM=DISCARD|ALL is subject to mail rejection/discard at receivers.
RFC 5617 says:
   all       All mail from the domain is signed with an Author
             Domain Signature.

   discardable
             All mail from the domain is signed with an
             Author Domain Signature.  Furthermore, if a
             message arrives without a valid Author Domain
             Signature due to modification in transit,
             submission via a path without access to a
             signing key, or any other reason, the domain
             encourages the recipient(s) to discard it.
What Bill is referring to is the "3rd party Policies" that were part of
the original SSP specification but pulled for ADSP.

SSP included a "concept" that allowed 3rd party signatures; however,
the complexity was how do we control (authorize) the 3rd party signer.
In other words, how do we tell the world that 1st party domain
"santronics.com" allows 3rd party signer domain "genuis.com" to sign
mail on the behalf of santronics.com.

The proposals were to provide a LIST "somewhere" like in the POLICY
record. The draft DSAP proposal offered this feature. The issue with
that is how big can that list be.
--
HLS
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
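
The receiver-side decision discussed in the message above, as an added example that is not part of the original post or of any DKIM implementation. It assumes DKIM verification has already run and that the ADSP TXT record text for the author domain has been fetched; the function names and result labels are this example's own.

```python
# Added illustration; not code from the thread or from any DKIM library.
# Assumption: valid_signers holds the d= domains of signatures that already
# passed DKIM verification, and adsp_txt is the fetched ADSP record (or None).

def parse_adsp(txt):
    """Return the dkim= practice from an ADSP TXT record (simplified parsing)."""
    if txt is None:
        return None                      # no ADSP record published
    for tag in txt.split(";"):
        name, _, value = tag.partition("=")
        if name.strip() == "dkim":
            value = value.strip().lower()
            # Values other than "all"/"discardable" are handled as "unknown".
            return value if value in ("all", "discardable") else "unknown"
    return None


def adsp_outcome(author_domain, valid_signers, adsp_txt):
    """Classify a message by its From: domain, valid d= domains and ADSP record."""
    author = author_domain.lower().rstrip(".")
    signers = {d.lower().rstrip(".") for d in valid_signers}
    # Author Domain Signature: a valid signature whose d= equals the From: domain.
    # A valid signature from any other domain (a 3rd party) does not count here.
    if author in signers:
        return "pass"
    practice = parse_adsp(adsp_txt)
    if practice is None:
        return "none"
    return {"unknown": "unknown", "all": "fail", "discardable": "discard"}[practice]


# Constructed cases using the two domains named in the message above.
CASES = [
    ("santronics.com", ["genuis.com"], None),
    ("santronics.com", ["genuis.com"], "dkim=all"),
    ("santronics.com", ["genuis.com"], "dkim=discardable"),
    ("santronics.com", ["genuis.com", "santronics.com"], "dkim=discardable"),
]

if __name__ == "__main__":
    for author, signers, record in CASES:
        print(author, signers, record, "->", adsp_outcome(author, signers, record))
```

The first case is the situation Franck describes (dkim=pass from a 3rd party signer, no ADSP published); the second and third show how the same message is treated once the author domain publishes `all` or `discardable`.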