Earl Hood wrote:
On August 15, 2005 at 15:49, "Arvel Hathcock" wrote:
DKIM either needs stronger binding semantics, or
it needs to limit when signing can be done.
I think DKIM deals with this correctly right now. Binding to the
RFC2822.From header is not required BUT when it's missing an SSP check is
performed to discover and enforce the wishes of the domain owner.
IIRC, an SSP check is done against the "Originator Address". This is
either the rfc2822.from or rfc2822.sender.
That's not correct. It's only From.
ietf-dkim mailing list