[dmarc-discuss] How does *this* mailing list interact with dmarc?
John R Levine
johnl at taugh.com
Fri Jun 22 07:26:48 PDT 2012
> Forgive the new guy...
Well, you're certainly good at finding the hot buttons.
> One feature of DKIM that seems very interesting (and potentially
> applicable) is the ability to divide the key namespace up using
> selectors. If I understand correctly, wouldn't this address many of
> the problems being discussed here?
This has, ah, come up before. Selectors are for key management, not
namespace management. When managing a signing domain's reputation, you
ignore the selector. That allows key rotation, both on a schedule and in
an emergency if a key is compromised. It also lets you distribute
different keys to multiple signing hosts, so if one screws up you can
revoke its key without having to change the key on all the others, and
without having to start over with a new signing domain with no reputation.
> For that matter, if you used a key per user ...
Heck, I use a different selector on every message, but I don't think
that scales very well.
>>> How can we help?
>> Encourage those systems to sign their outgoing mail so recipients can
>> develop a reputation for them.
John Levine, johnl at taugh.com, Taughannock Networks, Trumansburg NY
"I dropped the toothpaste", said Tom, crestfallenly.
More information about the dmarc-discuss