On Nov 15, 2006, at 11:33 AM, John Glube wrote:
* When writing the SSP, the working group takes into
account that there is a group of senders (who mail on
behalf of others) that follow recommended practices by
publishing a sender header, who would like to sign the
sender header, have this signature verified and want to
protect the domain in the sender header from phishing and
Is the content of the Sender header commonly used
by the end-user, or even visible to them?
If not, how is it directly relevant to "phishing and forgery
(I'm not arguing that having a Sender header that points
at the sender is anything other than a good thing, or even
that having some Sender-specific foo in some hypothetical
SSP spec would be a bad thing, just the line of reasoning.
I think you're skipping over some details that are important
to bring up explicitly.).
NOTE WELL: This list operates according to