[dmarc-discuss] How does *this* mailing list interact with dmarc?

John R Levine johnl at taugh.com
Fri Jun 22 07:26:48 PDT 2012


> Forgive the new guy...

Well, you're certainly good at finding the hot buttons.

> One feature of DKIM that seems very interesting (and potentially
> applicable) is the ability to divide the key namespace up using
> selectors. If I understand correctly, wouldn't this address many of
> the problems being discussed here?

This has, ah, come up before.  Selectors are for key management, not 
namespace management.  When managing a signing domain's reputation, you 
ignore the selector.  That allows key rotation, both on a schedule and in 
an emergency if a key is compromised.  It also lets you distribute 
different keys to multiple signing hosts, so if one screws up you can 
revoke its key without having to change the key on all the others, and 
without having to start over with a new signing domain with no reputation.

> For that matter, if you used a key per user ...

Heck, I use a different selector on every message, but I don't think 
that scales very well.

>>> How can we help?
>>
>> Encourage those systems to sign their outgoing mail so recipients can
>> develop a reputation for them.

Regards,
John Levine, johnl at taugh.com, Taughannock Networks, Trumansburg NY
"I dropped the toothpaste", said Tom, crestfallenly.
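The distinction drawn in the message above, that reputation attaches to the signing domain (`d=`) while the selector (`s=`) only picks which key to fetch, as an added example that is not part of the original message. The header values are constructed, signatures are not cryptographically verified here, and the `revoked` set is a hypothetical stand-in for key records the signer has revoked.

```python
import re
from collections import defaultdict

def parse_dkim_tags(header_value):
    """Parse a DKIM-Signature tag list (tag=value; tag=value ...) into a dict."""
    tags = {}
    unfolded = re.sub(r"\s+", " ", header_value)   # undo header folding
    for part in unfolded.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)       # values may contain '='
            tags[name.strip()] = value.strip()
    return tags

def key_record_name(tags):
    """DNS name of the public key record: <selector>._domainkey.<domain>."""
    return f"{tags['s']}._domainkey.{tags['d']}".lower()

def tally_reputation(observations, revoked=frozenset()):
    """Aggregate (header_value, was_spam) pairs per signing domain.

    The selector is used only to find the key. A revoked selector makes that
    one signature unusable; it does not create a new reputation bucket and
    does not touch mail signed under the domain's other selectors.
    """
    scores = defaultdict(lambda: {"good": 0, "bad": 0})
    dropped = []
    for header_value, was_spam in observations:
        tags = parse_dkim_tags(header_value)
        record = key_record_name(tags)
        if record in revoked:                      # assumption: models a revoked key
            dropped.append(record)
            continue
        scores[tags["d"].lower()]["bad" if was_spam else "good"] += 1
    return dict(scores), dropped

# Constructed sample: three signing hosts share one domain, each with its own key.
SAMPLE = [
    ("v=1; a=rsa-sha256; d=example.com; s=host-a;\r\n\t h=from:to; bh=CONSTRUCTED; b=CONSTRUCTED", False),
    ("v=1; a=rsa-sha256; d=example.com; s=host-b; h=from:to; bh=CONSTRUCTED; b=CONSTRUCTED", False),
    ("v=1; a=rsa-sha256; d=Example.COM; s=host-c; h=from:to; bh=CONSTRUCTED; b=CONSTRUCTED", True),
    ("v=1; a=rsa-sha256; d=example.net; s=host-a; h=from:to; bh=CONSTRUCTED; b=CONSTRUCTED", False),
]

if __name__ == "__main__":
    # host-c misbehaved and its key was revoked; host-a and host-b are unaffected.
    print(tally_reputation(SAMPLE, revoked={"host-c._domainkey.example.com"}))
```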

