>That sounds to me like you are saying that DKIM first party signing is only >for big domains.
No, I'm saying that the anyone who wants to sign their mail with their own domain can do so. If you want to delegate that to a service bureau, we have working examples today of domains using NS delegation to outsource their mail including DK signing. Even if you are too cheap to use a DNS service that lets you put in NS records, your can get much the same effect by having your mail service make up your keys, send you CNAME or TXT records, and you cut and paste them into your zone, not unlike the way that you help people to put in SPF records. >"You're little, third party is good enough for you" is not the right answer. Actually, what I was saying is "you're little, your ISP's signature is the one that matters." I host a bunch of little domains, and I expect to sign all of their mail with my own somewhat better known domain. I should be able to sign the mail of people who want with their own domain, probably at modest extra cost, but I doubt many will ask. >At this point I'm not suggesting an alternative. My point is that NS >subdomain delegation is not sufficient by itself. If I understand your position, you are positing that someone will pay between $20 and $50/mo for Internet access, probably some extra amount per month for a DKIM-capable mail service, but they use a crummy DNS service where they don't know how to put in NS records, and the $2/mo it would cost to switch to a DNS service that does support them is an insurmountable barrier. Maybe I'm getting hard hearted in my old age, but pleas of selective ineptness or selective poverty do not make a compelling argument for anything. R's, John _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
