J.D. Falk wrote: > On 2006-09-06 10:45, Hallam-Baker, Phillip wrote: > >> The main value I see in user level policy is easing phased >> deployment. If you are a bank with 100,000 employees with email and >> you want to deploy DKIM you probably want some form of hook that lets >> you do it in stages. > > So they'll have 100,000 SSP records? > > Perhaps there's an easier, more flexible, more scalable hook...like > "we don't sign all mail." >
There's a subtlety in draft-allman-dkim-ssp-02 that if user-level SSP is specified but no user-level record is found, it uses the domain-level SSP. So if there are a few exceptions to the domain-level SSP, you only need to publish a few. In any case, for your example, no more than 50,000 :-) The aspect of user-level SSP that concerns me equally is the transaction load. When user-level SSP is "turned on", the verifier MUST query for a user-level record in addition to the domain-level record. User-level queries are not as effectively cached, since these are queries for individual addresses, not domains. -Jim _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
