I've noticed that quite a few domains sporting DK policy records
have a syntax that isn't quite what is specified in Appendix A of the
draft. A classic example is yahoo.com:
$ dig _domainkey.yahoo.com txt
; <<>> DiG 9.2.2 <<>> _domainkey.yahoo.com txt
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34671
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 5, ADDITIONAL: 5
;; QUESTION SECTION:
;_domainkey.yahoo.com. IN TXT
;; ANSWER SECTION:
_domainkey.yahoo.com. 7200 IN TXT "t=y\; o=~\; n=http://
antispam.yahoo.com/domainkeys"
...
I'm talking about the tag/value termination with "\;" ( slash
followed by semicolon ).
And it seems quite pervasive. Of 324 domains I have found with DK
policy records, 257 of them do this exact same thing.
Is this an older syntax? Is there some automated tool out there that
is not doing the right thing?
As a side note: it would be nice if future versions of DK would have
a simple identifier marking the TXT as a DK record. I have found 3
times as many SPF records with _domainkey prefixes than actual DK
records. I would think v=dk1; would work and be compatible with the
current syntax. Of course, with a dedicated record type this is not
an issue.
-andy