On 6/22/10 5:07 PM, John Levine wrote:
> Not quite, it's a third party's assertions that are somewhat but not really
> like ADSP
>
> As far as I know Amazon doesn't make any ADSP assertions, but it is my
> impression that they sign all their transactions with DK or DKIM, and
> they're certainly a phish target, so it would be reasonable to drop
> unsigned Amazon mail anyway.

What happens when Amazon has a service using a parent signature? As a
result of a third-party vouching service, their messages might be
discarded, and they won't become aware of the issue until damage is
widespread. TINLA, but it seems having a service advocating for the
discard of someone else's email could be a liability. How does one
determine whether a vouching service is authoritative for the domain in
question? Please don't say use another vouching service, because the
issue is _who_ should decide whether a message must have a valid
Author-Domain signature or be discarded.
-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html