DKIM either needs stronger binding semantics, or
it needs to limit when signing can be done.
I think DKIM deals with this correctly right now. Binding to the
RFC2822.From header is not required BUT when it's missing an SSP check is
performed to discover and enforce the wishes of the domain owner.
--
Arvel
_______________________________________________
ietf-dkim mailing list
<http://dkim.org>