>In addition, I would also note that it is extremely easy in a group like >this to lose track of how non-technical many domain owners are today.
Right, and that means that they use someone else to provide their mail service. Keep in mind that DKIM, unlike SPF, requires the active participation of whoever runs your outgoing mail server to apply signatures, unless you are enough of a weenie to run a signing engine in your MUA and do your own key management. For the vast majority of non-technical users, their ISP or hosting company's MTA will apply its own signature, and that will be good enough. Indeed, it will probably be better than a tiny domain's own signature, since whatever formal or informal reputation systems recipients use are much more likely to have entries for the ISP than for a tiny domain that sends 12 messages a week. I suppose it is hypothetically possible that providers will upgrade their MTAs to support per-domain DKIM signing and out of perverse hostility won't offer the DNS support for it. That has never impressed me as a scenario likely enough to be worth inventing a new mechanism with unknown security problems that has to be implemented by all DKIM recipients. R's, John _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
