> [mailto:[EMAIL PROTECTED] On Behalf Of J.D. Falk
> On 2006-09-06 10:45, Hallam-Baker, Phillip wrote: > > > The main value I see in user level policy is easing phased > deployment. > > If you are a bank with 100,000 employees with email and you want to > > deploy DKIM you probably want some form of hook that lets > you do it in > > stages. > > So they'll have 100,000 SSP records? > > Perhaps there's an easier, more flexible, more scalable > hook...like "we don't sign all mail." We don't sign all mail is utterly useless as a policy record. There are only two usefull policy positions ALWAYS SIGN and MIGHT SIGN. There is no value in distinguishing MIGHT SIGN and NEVER SIGN. Since you can wildcard the most common case one would need 50,000 SSP records at most. It is likely that they would be generated automatically as individual mail servers were configured to use DKIM. BITs are cheap. I see no problem in deploying 100,000 DKIM records in such a situation. _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
