>> Informative Note: DKIM signatures by parent domains as described in >> section 3.8 of [RFC4871] (in which a signer uses "i=" to assert >> that it is signing for a subdomain) do not satisfy the requirements >> for an Author Domain Signature as defined above.
Since there is no other reference to i= in the ADSP document, the reason to put in a note like this is to warn people who have a mistaken impression of the way that ADSP works. If we're going to do that, there's quite a lot of other warnings that are at least as important to add, such as: A signature whose d= matches the domain of a Sender: address does not satisfy ADSP unless the Sender: and From: addresses are in the same domain. A signature whose d= matches the domain of a Resent-From: or Resent-Sender: address does not satisfy ADSP unless that address and the From: addresses are in the same domain. A signature whose d= matches the RFC 2821 envelope MAIL FROM address does not satisfy ADSP unless the MAIL FROM and From: addresses are in the same domain. A signature whose d= matches the RFC 2821 HELO domain does not satisfy ADSP unless the EHLO domain is the same as the one in the From: address. etc. If you think these are silly, I wouldn't disagree, but I don't see any reason that some of them are sillier than others. R's, John _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
