My understanding of the process from the drafts is that if a message from an
"alleged sender" in domain arvel.bbiw.net was received containing a valid
The term "sender" has become sufficiently ambiguous, so that I try to make
precise references, to avoid confusion. I especially do not know what "alleged
sender" means.
Perhaps you mean that there is a disparity between the identity in the
rfc2822.sender header field (or perhaps the rfc2822.from field) and the dkim
signing identity?
To use the example from before, if arvel sends a message that has the signing
identity "arvel.bbiw.net" and an rfc2822.from field of
"dcrocker(_at_)bbiw(_dot_)net" then
it will validate only if bbiw.net authorized arvel.
This does not require an additional check on anything one might call "policy".
A problem arises if the signing identity has a completely different domain than
the rfc2822.from identity.
d/
---
Dave Crocker
Brandenburg InternetWorking
+1.408.246.8253
dcrocker a t ...
WE'VE MOVED to: www.bbiw.net