Michael Thomas wrote:
John L wrote:
I still don't understand the scenario. Let's call the domain isp.com.
A) No mail has an isp.com From: address, but mail with other From:
addresses may have an isp.com signature.
Consider what I believe Y! does in their MUA: if it's got a valid signature
from isp.com with a From: foo(_at_)customer(_dot_)com, it doesn't get a nice
little message saying that Y! believes it came from customer.com. Thus the
outsourced mail will not be treated on a par with mail signed on behalf of
the domain.
But suppose example.com is not a customer of isp.com but yet a message
from example.com has a valid signature from isp.com. Are you saying
that Y! should say that it believes it came from example.com, based on
the assertion by isp.com that it only signs third-party messages?
Maybe I have trimmed off too much context here, I thought we were
discussing the value of an "I only sign third-party messages". I'm with
John; I don't see how that provides any useful information to the verifier.