> But the protocol allows the bulk mailer to create any key records > they like and the protocol as it is written today means that they > are treated by the infrastructure as equivalent.
I suppose the bulk mailer could forge mail from [EMAIL PROTECTED] and sign it with d=email.orbitz.com, but I don't see why that's any different from signing it with d=doubleclick.com or any other domain they control. The dkim-base treats all d= the same, regardless of the DNS structure. What security issue does subdomain delegation introduce here? R's, John _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
